Contextual awareness is a key method of securing access to networks by multi-device mobile users, Pippa Kitaruth, senior marketing manager UK and Northern Europe, Aruba Networks, an HP company, explained to SC Magazine UK editor-in-chief Tony Morbin in this video interview.
Contextual awareness in a security context is when the network is able to determine individual parameters of the user such as their role, device used, location, time used, and apps being sought or used – allowing the enforcement of a set of policies based on these attributes.
For example, Kitaruth explained that Aruba had conducted a survey which identified the usage habits of the biggest mobile users, dubbed ‘genmobile', who were typically younger (18 to 35) and expected seamless access to the network from any device and any location. They are productive but often a security risk as they are prone to share everything, including passwords, and are indifferent to risk, seeing it as the responsibility of IT specialists. They are also more likely to disobey their boss to access productivity tools. Consequently, organisations need to use this understanding to set policies based on what the users need to do, from where and what device.
While 25 percent of respondents expect a company to provide their mobile device, 33 percent prefer to buy their own, so BYOD policies need to include different parameters based on the employee, with adaptive IT models based on contextual data gathered.
Whether wired, wireless or VPN, the issue is understanding what the employee wants to do, and changing the workflow to accommodate the purpose and applications being used.
The most important lesson for organisations' information security, says Kitaruth, is educating the workforce to understand that security is important to what they do, to get them to understand the reason for the policies. And where possible, don't hinder employees from doing what they need to do, in the way they would normally choose to do it.