Security Think Tank: Enterprise adoption of context-based security slow

Opinion

Security Think Tank: Enterprise adoption of context-based security slow

In looking at context-aware security, it is worth briefly summarising the technology. It is over ten years since context-aware security was proposed. In brief, the idea is simple: build a security system that can use factors such as location, device and the information accessed to decide the type and rigour of the security required. Now, technology and networks have evolved to the point where such a system is possible and can be sold commercially.

Judging the uptake of context-aware technologies is difficult, because it is not one platform or one application. Certainly, we are seeing more suppliers offering context-aware products and some are already offering integration platforms such as Cisco’s pxGrid. On the enterprise side, adoption seems slow, as other initiatives such as BYOD, cloud and cyber defence take priority and the lion’s share of limited budgets. Additionally, these technologies may require significant investment and alterations in network infrastructure.

40199_Security-think-tank.jpg

Initially, enterprises should pilot these technologies to gain an understanding of the business and security benefits of context-aware security, creating success criteria, planning the integration of the technologies and then identifying a suitable pilot project to trial the technologies. The impact of adopting context-aware security on the current IT and security architectures should be considered: it may require one or both architectures to be revised to gain the greatest benefit from adoption.

As the (ISC)2 CISSP Common Body of Knowledge states, the architecture provides the means to ensure the implementation of security controls is correct and verifiable. Once the trial is underway, the performance and success of context-aware technologies can be measured and compared against the success criteria. If the trial proves a success, planning for an enterprise roll-out can be drawn up.

Adrian Davis is managing director EMEA for (ISC)2

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in March 2014

 

COMMENTS powered by Disqus  //  Commenting policy