
Adaptive Trust Defense for Enterprise Mobility


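Remember the good old days, when users all carried the same company-issued device, applications were carefully vetted and distributed through a well-defined process, and remote access meant using a VPN client with two-factor authentication and a physical RSA token generator? Merriam-Webster's online dictionary defines nostalgia as "the sadness caused by remembering something from the past and wishing that you could experience it again." The IT professionals responsible for securing today's mobile enterprise networks and data must feel this every time Apple or Samsung announces a new product or operating system update.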

Why nostalgia? Because IT has lost control. The transformation from a static, wired environment to a dynamic mobile environment is to blame. Employees emboldened by the ability to always stay connected have forced the hand of corporate IT departments to boldly go where networks have never gone before – everywhere and anywhere. What's worse, IT often learns of new products or services only once they are in widespread use on its network, forcing them to openly welcome unwanted technology without properly vetting it or fully understanding the risks.

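As a result, IT ends up performing a delicate balancing act. On the one hand, there is the need to enable employees; on the other, the daunting challenge of mitigating risk. IT must therefore ensure that adequate security measures are in place without overly impacting employee productivity. Because of inconsistencies in security and management, this presents some rather unique challenges: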

  • Devices and operating systems differ across platforms and manufacturers
  • User preferences and habits differ
  • Security components may or may not work the same when it comes to performing basic functions like user authentication

Mobile security by and large hasn't been able to keep pace. IT spend remains largely focused on perimeter defenses to weather the storm of external denial-of-service (DoS) attacks and zero-day exploits that generate headlines, but pays little attention to mobile devices and users gaining access to network resources and data. And while solutions like mobile device management (MDM) or enterprise mobility management (EMM) make their way into the enterprise to address mobile access, implementations lag due to end-user rejection of big-brother controls or cumbersome / non-intuitive workflows.

In keeping with the times, IT must evolve security to address the risks introduced by enterprise mobility – specifically as it pertains to trust. In the past, physical security measures satisfied most trust requirements; if an employee provided proper credentials at the front door or perimeter, then trust would be established and access granted. But what about users who don't go through the front door and aren't asked to produce identification to validate their need to be there? If that same user comes through a back door, do we let them connect and give them the same level of trust?

Conventional wisdom would suggest that we don't. In fact, everyone and everything should be interrogated and an informed policy decision made. The ideal model would be to make a decision based on relevant context. Useful context can include:

  • User identity and role
  • Type of device and ownership
  • Location
  • Has this device been seen before
  • Does the device meet security standards

By gathering and using context, IT is in a better position to handle the unknowns that pop up on their network. Instead of treating everyone and everything as an untrusted entity, IT can create adaptive policies based on business needs and associated risks. What's more, IT can also mitigate many of the risks associated with anywhere, anytime and any device access without impacting productivity.
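One way to express the context-driven decision described above, as an added example (not code from the original post or from any product): an ordered, first-match rule list over the five context items, with default deny. The tier names, role names, accepted device types and rule order are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Access tiers and role names are assumptions made for this example.
DENY, QUARANTINE, LIMITED, FULL = "deny", "quarantine", "limited", "full"

@dataclass(frozen=True)
class Context:
    role: Optional[str]          # user identity and role; None = not authenticated
    device_type: str             # "laptop", "smartphone", "tablet", ...
    corporate_owned: bool        # ownership: company-issued vs. personal
    location: str                # "on-site" or "remote"
    seen_before: bool            # has this device been seen before
    compliant: Optional[bool]    # meets security standards; None = not assessed

# Ordered first-match rules, most restrictive first. Unknown context
# (no identity, posture not assessed) is treated as the worst case.
RULES = [
    (lambda c: c.role is None, DENY),
    (lambda c: c.compliant is not True, QUARANTINE),
    (lambda c: c.device_type not in {"laptop", "smartphone", "tablet"}, QUARANTINE),
    (lambda c: c.role != "employee", LIMITED),
    (lambda c: not c.corporate_owned, LIMITED),
    (lambda c: c.location == "remote" and not c.seen_before, LIMITED),
    (lambda c: True, FULL),
]

def decide(ctx: Context) -> str:
    """Return the access tier of the first matching rule; deny if none match."""
    for predicate, tier in RULES:
        if predicate(ctx):
            return tier
    return DENY

# Constructed sample connection attempts.
SAMPLES = {
    "issued laptop in the office": Context("employee", "laptop", True, "on-site", True, True),
    "personal phone, compliant": Context("employee", "smartphone", False, "remote", True, True),
    "new issued laptop, remote": Context("employee", "laptop", True, "remote", False, True),
    "phone with failed posture": Context("employee", "smartphone", True, "on-site", True, False),
    "unauthenticated device": Context(None, "tablet", False, "on-site", False, None),
}

if __name__ == "__main__":
    for name, ctx in SAMPLES.items():
        print(f"{name:30} -> {decide(ctx)}")
```

Because a posture value of `None` falls through to quarantine instead of being skipped, a device whose compliance could not be assessed never receives more access than one that failed the check.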

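Adaptive trust provides visibility and control while greatly reducing risk. More importantly, it strengthens existing systems without introducing unnecessary or complicated procedures. A trust model that adapts to the way people work delivers a better user experience while greatly improving security.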
