Making the case for context-aware security
- By Mark Pomerleau
- Sep 09, 2015
In the federal government, security always trumps user convenience. But blanket security policies sometimes send employees looking for workarounds, putting agencies at risk.
Context-aware security policies could benefit both IT managers and users by adjusting the level of security to individual access requests, according to 97 percent of 150 federal IT and security professionals recently surveyed by Dell.
Context-aware security replaces static access processes with an approach that evaluates the context surrounding each access request and adapts security requirements accordingly, delivering the appropriate level of real-time security based on a changing threat landscape. While nearly 100 percent of IT professionals surveyed recognize the benefits a context-aware security approach would bring, only 28 percent said their organizations have fully embraced this approach. More than 60 percent indicated that lack of awareness about context-aware security is the greatest barrier to adopting it in their organization.
Besides providing more convenience to users and tightening access, context-aware security helps organizations assess and prioritize threats based on potential level of harm and gain visibility into the context when assessing risk.
“Context-aware security gives IT the ability to adjust the [security] dial in real-time, giving users the convenience they desire without resorting to risky workarounds,” said John Milburn, Dell Security's executive director and general manager, Identity and Access Management. It gives “the security team the confidence they need to keep the organization both safe and productive.”
While several similar surveys of government IT personnel have identified funding as the top barrier to implementing necessary standards or reforms, it was second in Dell’s survey following the lack of awareness of the need for context-aware security. Lack of knowledgeable people and inability to access tools were also listed as barriers.
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.