What is Context-aware Security? What are use cases?
Praveen Singh
Context-aware security is the use of supplemental information to improve security decisions at the time they are made, resulting in more accurate security decisions capable of supporting dynamic business and IT environments. The most commonly cited context information types are environmental (such as location and time). However, context information valuable to information security exists throughout the IT stack, including IP, device, URL and application reputation; business value context; and the threat context in which the decision is made.
Context awareness changes security from an approach of “you have access to everything when you log in” to an approach of “you’ll have access to some things based on where you are and what you’re trying to do, on what device and at what time.” For example, context awareness will detect when an employee is trying to log in with their company laptop from an airport lounge using the public Wi-Fi service instead of a secure VPN connection, and limit their application access accordingly.
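The airport-lounge scenario above, worked as an added example (not from the original article): several context signals are combined into one risk score and compared against a threshold set by data classification. The signal names, weights, thresholds and application entries are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed weights per context signal (illustrative, not from the article).
RISK_WEIGHTS = {"unmanaged_device": 40, "untrusted_network": 30,
                "outside_business_hours": 10, "poor_ip_reputation": 30}
# Assumed maximum risk tolerated for each data classification label.
MAX_RISK = {"internal": 50, "highly_sensitive": 20}
# Constructed sample applications with classification and entitled departments.
APPS = {
    "campus_directory": {"classification": "internal",
                         "departments": {"finance", "physics"}},
    "financial_aid_records": {"classification": "highly_sensitive",
                              "departments": {"finance"}},
}

@dataclass(frozen=True)
class Context:
    department: str          # who
    managed_device: bool     # what device
    network: str             # where: "campus", "vpn" or anything else
    hour: int                # when: local hour, 0-23
    ip_reputation_ok: bool = True

def risk_signals(ctx):
    """Return the risk signals raised by this request context."""
    signals = []
    if not ctx.managed_device:
        signals.append("unmanaged_device")
    if ctx.network not in ("campus", "vpn"):  # unknown networks fail closed
        signals.append("untrusted_network")
    if not 7 <= ctx.hour < 19:
        signals.append("outside_business_hours")
    if not ctx.ip_reputation_ok:
        signals.append("poor_ip_reputation")
    return signals

def decide(ctx, app_name):
    """Return (allowed, reasons) for one application request."""
    app = APPS[app_name]
    if ctx.department not in app["departments"]:
        return False, ["department_not_entitled"]
    signals = risk_signals(ctx)
    score = sum(RISK_WEIGHTS[s] for s in signals)
    return score <= MAX_RISK[app["classification"]], signals

def accessible_apps(ctx):
    """List the applications this context may reach right now."""
    return sorted(name for name in APPS if decide(ctx, name)[0])
```

The same finance user on a managed laptop reaches both applications over the VPN but only the internal one from public Wi-Fi, and the returned reasons can be logged with each decision.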
"Organization can base security decisions on the who, what, where, when and why behind the user’s request, it can make access control more accurate and increase the ease of legitimate access"
"Context-aware security empowers organizations to base real-time security decisions on the total risk associated with multiple pieces of security information"
USE CASES
1. Begin with the Security Fundamentals
Context-aware security requires context. That’s not a startling conclusion, but it’s an area where many institutions fall short. Security decisions that are both contextual and wise require deep information about users and data. Before embarking on a context-aware security initiative, make sure you have a robust identity and access management infrastructure capable of providing useful attributes about individuals. For example, security products must be able to identify a person’s status — faculty member, student or administrator — and, preferably, his or her department.
2. Understand the Sensitivity of Your Data
In addition to user attributes, security analytics requires knowledge about data. If you don’t already have a strong data classification program, it’s helpful to clearly identify the key elements of sensitive information handled on your campus. For example, you might label Social Security numbers, credit card numbers, health records and financial aid records as highly sensitive information. Then, context-aware security products will be able to distinguish the systems and users handling those records from the general campus population.
3. Focus on Key Assets to Secure
Deploying context-aware security products requires an investment of human and financial resources. Once you’ve set up these products properly, they can add tremendous value to institutional cybersecurity efforts, but the initial configuration takes time. If you’ve clearly identified your highly sensitive information, the next logical step is to follow the data and deploy context-aware security controls around that information. Focus on users and systems in high-value departments — finance, accounting, human resources and health services — to get the most bang for your buck.
4. Reduce Your Cybersecurity Workload
One of the greatest rewards promised by context-aware security is reduced workload for your cybersecurity team. These individuals are often deluged with data and can easily spend an entire day sorting through critical information, trying to prioritize security work. In addition to deploying context-aware security around high-value information, consider also deploying it in situations that create the most work for your security team. For example, if you’re constantly battling false-positive reports from a campus intrusion detection system, consider adding contextual information in that space that can both reduce false positives and prioritize other analysis efforts.
"Some data and facts have been taken from different sources"