Context is key to security as IT loses control, says Gartner

IT is losing control of devices and systems, but security can be achieved through context, says Gartner

Information security professionals are increasingly facing the challenge of protecting data on devices and systems not owned or controlled by the company, but context provides the solution, says Gartner.

“The assumption that control means security was flawed to begin with, but with consumerisation and cloud there is a definite need for a new model of trust,” said Gartner analyst Neil MacDonald.

This is also underlined by the fact that traditional signature-based security technologies, such as firewalls, are decreasing in value, he told visitors to the Gartner Security and Risk Management Summit 2013 in London.

According to MacDonald, context can go a long way in helping to identify whether an information security decision is appropriate or not.

To illustrate the point, he said in the old model of security, transactions would be allowed if a user’s login was successful.

“By adding the context of location and time, it is clear if someone is trying to transfer money from China at 1am when they were in Spain six hours earlier, that the transaction is unlikely to be legitimate,” he said.

Enterprises can learn from this consumer banking example, he said: context can be a powerful security tool even where none of the technology being used is under the bank’s control.
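The location-and-time check in the banking illustration above can be sketched as follows. This is an added example, not code from Gartner or from the article; the speed ceiling, distance floor, usual-hours window, coordinates and timestamps are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0        # assumption: roughly airliner cruising speed
MIN_DISTANCE_KM = 50.0       # assumption: ignore geolocation jitter within a city
USUAL_HOURS = range(7, 23)   # assumption: the customer's normal local hours

@dataclass
class Event:
    when_utc: datetime   # time of the login or transaction, in UTC
    local_hour: int      # hour of day at the event's location
    lat: float
    lon: float

def distance_km(a: Event, b: Event) -> float:
    """Great-circle (haversine) distance between two events."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def assess(previous: Event, current: Event) -> list:
    """Return the context signals that make the current event suspicious."""
    reasons = []
    hours = (current.when_utc - previous.when_utc).total_seconds() / 3600
    dist = distance_km(previous, current)
    # Far apart with no (or negative) elapsed time is impossible too.
    if dist > MIN_DISTANCE_KM and (hours <= 0 or dist / hours > MAX_SPEED_KMH):
        reasons.append("impossible_travel")
    if current.local_hour not in USUAL_HOURS:
        reasons.append("unusual_hour")
    return reasons

def decide(previous: Event, current: Event) -> str:
    """A successful login alone is not enough: context picks the outcome."""
    reasons = assess(previous, current)
    if "impossible_travel" in reasons:
        return "deny"
    return "step_up" if reasons else "allow"

# Constructed sample: Madrid at 11:00 UTC, then Beijing six hours later (01:00 local).
spain = Event(datetime(2013, 9, 18, 11, 0), 13, 40.4168, -3.7038)
china = Event(datetime(2013, 9, 18, 17, 0), 1, 39.9042, 116.4074)

if __name__ == "__main__":
    print(round(distance_km(spain, china)), assess(spain, china), decide(spain, china))
```

Neither signal depends on owning the device or network the request came from, only on data the service already sees at transaction time.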

“Enterprises may be losing control due to consumerisation and the use of cloud services, but the context of every transaction at every layer of the stack can compensate for that,” said MacDonald.

Reputation and historical patterns of behaviour can be applied to the identity of the user, the content of data, the application, the operating system, the device and the network.

“By checking whether an unknown executable has been seen before, looking at how fast it is spreading, and establishing if it is signed and by what authority, is more effective than traditional blacklisting or whitelisting techniques,” said MacDonald.

Organisations, he said, should be asking their security suppliers what they are doing to supplement signature-based detection.

Suppliers which understand that signature-based technologies are becoming less effective are adding context awareness to their products and services.

“Context is critical to turning huge amounts of security data into actionable insight and identifying those things that represent the most risk in an organisation,” he said.

Therefore, MacDonald said, organisations should use replacement cycles to add context awareness to their firewalls and to their authentication, authorisation, SIEM, DLP and other security systems.

Organisations should also demand specific roadmaps from suppliers showing how they are adding application, identity and context awareness to their products.

“Pressurise your suppliers into delivering a context-aware risk-based view of IT [if they are not already doing so],” he said.
