Security Think Tank: Context-aware security saves time

How should businesses approach context-aware security technologies and what will be the business benefit?

Context-aware computing is not a new idea; everything from the search engine you are probably sitting in front of to the mobile phone in your pocket uses it at its most basic level.

The origin of the phrase comes from the human idea of studying a piece of text and bringing to bear the other things that you know about the words on paper; from the author’s life story to the facts about its setting.

There is a big difference though. With humans this kind of contextual understanding takes more time than simply reading the words on the page. In contrast, contextual computing, and particularly context-aware security, saves time.

There is no question that security teams are spending increasing amounts of time looking after compliance controls. In fact, security teams are overworked generally and even very large companies are seeking to outsource some elements of the process. This could be to a virtual chief information security officer or an entire outsourced team.

Context-aware security devices provide valuable time leverage in an already over-stretched department. They utilise supplemental information to improve security decisions, allowing people to do the same in significantly shorter time scales. 

By embracing context-aware security devices, operational savings can be made through a reduction in response times and an increased likelihood of the correct decision being made during an incident.

But how should business approach these new technologies?

  • Make strategic technology replacements in line with upgrade paths
  • Identify process bottlenecks where context aware technologies can streamline business operations
  • Identify areas of intensive data analysis and look for strategic alignments with context-aware devices that can increase reaction times without reducing effectiveness

Thinking back to the origin of the phrase contextual computing, it is important also that these actions be put into the most appropriate human context. It should be a specialist security team or officer running these processes and they need to be made in context – while thinking holistically about the overall needs of the business.

It may well be that more security technology, context-aware or not, is not the biggest requirement for some companies.

Sometimes it is the human context that needs to be improved, from a social-engineering perspective. After all, the supplemental information the software will be looking for is founded on human behavior patterns, from information user behavior and tasks to location, infrastructure and physical conditions. Context counts, but so do people. 

Peter Bassill is a member of the ISACA cyber security board and managing director at Hedgehog Security

Read more on Hackers and cybercrime prevention