Protection against “Layer 8” – How deviceTRUST increases Security with Technical Measures


Information security starts with people. This statement sounds like the mantra of every IT security officer who regularly points out to his colleagues the importance of complying with the instructions in force. So-called “Security Awareness Trainings” are offered for this purpose. However, they fall short, at the latest, when users no longer remember what they have learned.

Organizational and Technical Measures

To increase IT security, companies and institutions have the choice between organizational and technical measures.

For example, employees can be asked to activate the firewall and install updates regularly when accessing their digital workspace. Organizationally, everything is fine in this case. The employees sign an agreement, and everything is legally in order for the company, until carelessness leads to a security incident that can severely affect the company financially: a classic example of a "Layer 8" (1) problem.

As meaningful as organizational measures are, they are not sufficient for comprehensive protection against hackers and the like.

Technical measures are necessary to supplement organizational measures and to protect your data and resources from uninvited guests. However, a technical option is not always applicable, and a suitable technical solution is not always known to the respective decision-makers. That is why it is necessary, from time to time, to resort to organizational measures to ward off a greater evil.


Contextual Security as a Strong Technical Measure

During a product demo, I learned that a certain company informs its employees with a text that a mission-critical application shall only be used if the employee is at a specific location. This procedure reminded me of the “no trespassing” sign on construction sites. You shouldn’t enter, but the sign won’t stop you either. The security gain is equal to zero. My explanation of our “Conditional Application Access”, i.e. the possibility – during the session runtime (!) – of revoking access to (mission-critical) applications when the context changes, was initially not thought possible and was then commented on during the demo with the following words: “Wow, that's live.”

I recently read another practical example that illustrates the “Power of deviceTRUST” in a German LinkedIn thread (2).

It documented how a laptop was left unsecured on a train, i.e. without the lock screen activated, so that anyone could have accessed it, with all its applications and data. The comments were many and varied. It is clear that technical solutions such as VPN tunnels, no matter how secure, are of no use if the user has not paid attention to the “Security Awareness Training” and forgets to lock the screen before leaving the seat. As a technical (context-based) option, deviceTRUST could have helped in this case. With our solution, the so-called “session idle time” can be set dynamically depending on the location, so a strong technical measure would also have been in place to support even the most careless employee in terms of security.

To put it briefly: technical measures supplement organizational measures and deviceTRUST’s “Contextual Security” enormously reinforces conventional technical measures. The following link provides some examples that can help you take your security to a new level: https://devicetrust.com/benefits/use-cases/


Sources:

1) https://en.wikipedia.org/wiki/Layer_8

2) https://www.dhirubhai.net/posts/tobias-dames_zerotrust-kisecurity-informationssicherheit-activity-7079769878009671680-2kI0
