Securing BYOD

By BlackRidge

The explosion of mobile devices in our everyday world has created unprecedented security challenges for IT organizations, both qualitative and quantitative, especially in the context of BYOD (Bring Your Own Device). A number of mobile device manufacturers have mounted efforts to address these issues through new initiatives to develop and deploy hardware and software security products. Complementing these initiatives, BlackRidge offers a solution based on our patented TAC (Transport Access Control) technology. TAC and mobile technologies can interact to enhance and extend the security posture of collections of mobile devices.

There are two reasons in particular that mobile devices present special difficulties for the information security policies and risk exposure of large organizations. First, the devices and their software are diverse and unstandardized, making them prime targets as vehicles for malware. Second, they have become more and more indispensable to their owners, making it infeasible to exclude them from the workplace. They are used on the go, and often are used to gain access to an organization's networked data and applications.

Systems which create security structures such as containers and identities, and manage them so as to be consistent with security policies and rules, must necessarily allow communication between their constituent elements: mobile clients, servers, cloud facilities, data centers and the like.

The interconnect linking these components has special demands from three points of view: security, reliability, and efficiency. In order for a mobile infrastructure to scale without compromising security, it is vital that this interconnect offer deterministic protections for the control and management of data passing between and among clients and servers. In an environment like the Internet, which, based as it is on TCP/IP, is inherently dynamic and malleable, the challenge for such an infrastructure is greatly magnified.

BlackRidge TAC supports these interconnect requirements in several ways:

  • TAC allows variable, fine-grained, targeted control over the populations of packets which are permitted to flow over connections
  • TAC supports detailed assessment of and policy responses to traffic patterns of interest on both ingress and egress
  • TAC permits segregation, partitioning, and segmentation within and between populations of participating nodes

Utilizing its ability to accumulate longitudinal patterns over extended sampling intervals, and therefore to recognize destructive temporal and structural patterns in addresses and flow features, TAC facilitates advanced tools for recognizing and mitigating certain attack processes and signatures.

With mobile systems participating in larger aggregations, and together with the device management and container creation capabilities of these systems, TAC expands and reinforces the security posture of these tools for organizations, providing the capability to:

  • inspect traffic patterns for emergent vulnerabilities and attack clusters
  • extract and distill templates for policy responses
  • offer mitigation strategies in real time as attack constellations evolve. Because TAC itself provides inbuilt cloaking and identity authentication mechanisms, the augmented analysis and response capabilities do not come at the expense of diminished or compromised security overall.
  • reduce and manage energy and capital equipment costs through optimization of security procedures to eliminate redundant and unproductive assets
  • support sophisticated identity authentication processes in complex network topologies where security is paramount

In summary, binding BlackRidge’s TAC to mobile devices holds the potential for uniquely scalable mobile security solutions in the BYOD enterprise.