SECURITY
MANDATE
SPONSORED REPORT
MOBILE SECURITY, PRESENT AND FUTURE
WYasir Aziz, Senior Director on Samsung’s Knox Regulated Markets, gives his take on the current state of security, effective mobile security policy, and the future of mobile security.
HAT IS THE CURRENT STATE establish that, it’s important to automatically enforce OF MOBILE SECURITY? There are those policies. That way, nobody can circumvent the three vectors and each is continually policy. Finally, agencies should only approve mobile evolving. The first is vulnerability. devices that work well with their specific mobile Hackers are getting smarter in security policies.
figuring out how to get into mobile devices and steal information. The second is organizational needs and requirements. Government agencies’ use of mobile technology is changing, as are their mobile security policies. Finally, there are the devices themselves. These are continually advancing to provide better and more pervasive security, particularly at the hardware layer.
WHAT IS GOING ON IN THE AREA OF IDENTITY AND ACCESS CONTROL? The government still relies heavily on actual Common Access Card (CAC) access, where they authenticate on an actual device using two-factor authentication. Some agencies, especially
in the Defense area, are working on a program called Derived Credentials. This will take credentials off the CAC and implement them as a certificate on the device. That way they won’t have to walk around with an extra mechanism to authenticate because it will already be on the device. They aren’t there yet, but there have been some successful proofs of concept so it’s on the way.
HOW COULD BIOMETRICS IMPROVE MOBILE SECURITY FOR GOVERNMENT? The industry has embraced biometrics, and the government is working on it. Right now, it’s a matter of finding the right standards and specs. Fingerprints were a great start for biometrics, but now new advancements such as iris scanning are allowing even more robust biometric readings and exponentially increasing the unique factors to further strengthen the speed, reliability, and security.
WHAT ROLE DOES POLICY PLAY IN MOBILE SECURITY? Agencies have to determine what’s most important in terms of the data, applications and device features to which users need access. Once they
WHAT’S COMING UP IN MOBILE SECURITY THAT WILL CHANGE THE GAME? There is a lot of research and development underway that will lead to some interesting advances in the next few years. Within a few years, for example, users won’t have to worry about data on their mobile devices. Most of
it will reside in some sort of virtual environment in the cloud. So users will be able to pick up any mobile device and access their virtual mobile environment, including settings, applications and data.
ARE THERE SECURITY ADVANCES ON THE HORIZON THAT WILL ALSO HELP SIMPLIFY THE MOBILE EXPERIENCE? One is application- driven security. This means security features will
be attached to the application instead of the entire device. For example, an agency might not let users working with specific applications use WiFi or Bluetooth while working with that application. This will reduce the need for containers and let users download and use many more types of applications on their devices, as long as specific applications are secured. Another advance in the works is context- aware security, where based on your location, the device will relax security requirements. For example, if your mobile device realizes you’re in your office, it could let you access certain applications or data that you wouldn’t be able to access in public areas.
Download the Full Report at GCN.com/SamsungSecurityMandate