Adapt or Die: A New Security Model Is Taking Hold

by Erik Grueter

What if your software could detect when it was under attack? What if files reported when, where and by whom they were opened?

Intelligent digital assets are behind an agile new security style called Information Based Security.  Developed in response to an increased use of file sharing services, personal devices, and niche business applications. Information security technologies provide security down to the data and application level, protecting data regardless of the network or device it resides on.

This new security strategy employs impressive application interfaces with “immune systems” that can identify malicious attacks, and smart documents that can be remotely managed, encrypted and tracked.

Information Security Technologies are redefining security expectations, delivering security despite increasingly ambitious attacks.

Applications are adapting

Within the Information Centric Security Model, a new type of security system designed to protect applications is becoming popular.

This application security strategy applies multiple security programs in unison. By employing a number of security techniques within a single package, these security systems create a virtual minefield that is difficult for an attacker to avoid.

Cutting edge security companies today offer “Application Immune Systems” these technologies uses anti-debuggers and breakpoints to mask code logic and give developers a chance to view important code to ensure everything is working properly.

Cryptographic hashes are also employed. These programs take short sections of the host application code and monitor it, allowing the program to determine when a change has been made. These detection tools work together, monitoring one another and warning a user when a change has been made.

Application usage has shifted from big programs like Word and Excel capable of performing a huge number of tasks, to a larger number of niche programs that perform specific business functions very well. The huge number iPhone applications built for a very specific purpose is testament to this trend.

Business applications are also shifting to a more fragmented model that relies on API integration to streamline workflow. CRM programs like Salesforce can effectively plug into other applications through an API. But these connections provide avenue of attack. Drawing security around ones API adds additional protection in this fragmented environment.

Interface security can act as a micro perimeter for applications, ensuring transport level security, blocking SQL injections and cross site scripting attacks. Data security can also be applied, monitoring all information passed through an API. This gives managers the ability to redact sensitive content like bank account numbers on their way out the door.

Security drawn around documents and data

Concerned about the security of a specific document once it passes beyond an access point or into an unsecured device? There’s a technology for that.

The importance of affordable, high quality protection on documents and data has never been greater. Verizon reports that nearly 70% of cybercrime victims are small businesses. These companies cannot afford millions in expensive network security software.

Information centric security technologies are moving the industry toward a greater democratization of protection. There are a number of solutions today that provide enterprise level security on documents critical to every business. Customer information, corporate intellectual property and financial data can now be independently protected and tracked at a much lower price point.

Document security applications can imbue sensitive documents with encryption that prevents unauthorized access. These technologies effectively protect documents by requiring user credentials and key information before a document can be read.

Since security information lives in a protected cloud, documents can be securely accessed, destroyed and managed from anywhere. This type of protection is a boon to businesses that have a large number of possibly unsecured devices, or who collaborate and share important information with outside parties.

Smaller more intelligent security is here to stay

Security that lives inside documents? Application security drawn around sensitive entry points? This is the future of security. As consumer oriented technologies take hold in business and companies become increasingly reliant on external, cloud based applications for productivity, security must get small and agile to protect against threats.

Companies that adopt the shrinking security model have increased security, cost savings, and greater productivity on their horizon. 

Erik Grueter is a marketer at docTrackr: A software company that empowers businesses to put the protection of important data first with powerful document security and analytics software. Follow them on Twitter for security news. @doctrackr 

Leave a Reply

Your email address will not be published. Required fields are marked *