Internet of things – security burden

atlas-iot-zologicSecurity Think Tank: Human factor key to access control The modern business environment is no longer a static self-contained area, all nicely enclosed in a physical, logically discrete and easily controlled space. We have an increasingly diverse, mobile workforce and have been adopting equally flexible IT systems to accommodate the resulting needs of all this change. Whether it is mobile devices, online or cloud services, or remote access to back-end service, they all pose increasing challenges when it comes to access control . In times gone by, we had to manage using multiple sign-ins to multiple platforms to handle an increasing number of discrete systems. This then became handled through a single domain
and log-in. Once authentication was complete, the user could access whichever systems or applications they were authorised for. But things have changed and our mobile and flexible workforce, systems and platforms may no longer be owned by us, as we use a greatly increased array over a wider and more connected workforce. This presents us with a fresh set of challenges. Identifying what some of the key mistakes that can and have been made will help us understand how best to increase our own resilience and security. Wherever your information is stored and wherever there is a need to access that information, it is vital that the information asset owner (IAO) is involved in setting up the access control policy. So that the asset is properly understood, assessed and access is on a need-to-know basis. If access is required to any online data storage from mobile devices, it is vital that we understand whether the access to the device is able to provide an appropriate level of security. For instance, many mobile devices only require a 4 digit PIN , whereas a corporate access policy may require a more complex access code. Should that device then be given access to that online data storage?

Geef een antwoord

Het e-mailadres wordt niet gepubliceerd.