What’s in Your BYOD World? -- Security Today

What’s in Your BYOD World?

Biometrics is key to network-centric security

By Michael Harris
May 01, 2013

What's in your BYOD world? As network security professionals are acutely aware, they must be continuously vigilant to meet the ever-evolving threats driven by the bring your own device (BYOD) trend that is extending the network outside the office. BYOD-related concerns about mobile security reach across private and public markets. Fortunately, the salvation for security pros can be found in the latest innovations in multifactor authentication using biometrics. By enabling multi-ifactor authentication anywhere, anytime, biometrics allows both security and privacy on the network.

As we all know, mobility is the key trend driving today’s biometrics market. Mobility means putting data and network access everywhere. Long gone are the “good old days” in the enterprise with stationary datacenters or networks confined to the office. Even when people started teleworking, it was relatively easy—compared to the current situation—to secure laptops and the network.

Now we are dealing with a host of BYOD devices, including smartphones and tablets, that are not standardized and much more difficult to integrate. In fact, with so many operating systems and data platforms, it is no longer possible to maintain standard integration and data profiles.

But, as every network security professional knows, the shift in the mobile communications industry toward increased convenience and personalization cannot be stopped. We have to find a way to work across these platforms and tie convenience to security.

Hard Look at Server Access

With illegitimate mobile access becoming the biggest threat to network-centric security, a primary challenge is hardening access to the server by identifying and authenticating the end-point access. To prevent tunneling into our systems and to ensure our data’s integrity, we must make sure those accessing the system are legitimate.

At the same time, we are dealing with a network that has now exploded outside the office. It’s everywhere. Increasingly, data is no longer maintained on the server and is vulnerable to illegitimate access. The threats that can compromise data seem to multiply daily; any number of users could have an infected email client, malware apps could be injected into the network or there could be people on the network who are just plain subversive. So the key becomes authentication of programs on the network and people who are on it.

At the same time, privacy remains a paramount concern. People who are on company-issued mobile devices and have company data running on platforms for personal use want to know how the network can differentiate their private data from company data.

Data integrity is another network-centric security issue. It used to be that data sat on the server. Now it’s sitting on tablets and smartphones. How do we maintain its integrity?

The good news is that all the network-centric security needed for mobile data platforms can be implemented with technology available today. The bad news is that, historically, increased security has usually meant increased inconvenience to the end user.

Nuts and Bolts of Secure Network Access

Experienced network security professionals know that access to the back-end network of the corporate enterprise should always be done through a virtual private network (VPN), the encrypted tunnel running through a hardened conduit called the secure socket layer (SSL). Integrity of the VPN is ensured by the SSL’s encrypted protocols.

On the other end is the user’s tablet, smartphone or other mobile device. Access is enabled by use of certificates as part of a Public Key Infrastructure (PKI), a compilation of hardware, software, individuals and guidelines to develop, manage and disable digital certificates that provide secure network access from a user’s device. The PKI contains a private key that binds the public keys with their correct (and unique) user identities via a certificate authority (CA). The private key is then used only by the user based on his or her secret code or password, and the PKI operates as the authentication channel that binds to a registration authority (RA) to ensure the public key correlates directly to the user’s identity to allow the user secure network access.

The next layer of network-centric security issues is presented by the device themselves. Delivery of secure access and services to mobile devices depends on application of strong multifactor user authentication. Proof-positive authentication should comprise some combination of what you know (password or PIN), what you have (ID card or token) and who you are (biometrics). The more factors, the better.

Passwords alone are never adequate because they can be easily compromised. While solutions combining password/PIN and ID card/token are often considered strong enough, only biometrics can provide absolute proof that a person is who he or she claims to be.

Biometrics Basics

Biometrics is perhaps the most innovative approach to implementing security on mobile devices. Fingerprinting, the most common and most secure biometric, is strongly supported by standards developed by the National Institute of Standards and Technology (NIST).

Biometrics not only provides convenient security, but incorporating multimodal biometrics can make the network practically impenetrable by unauthorized threats. Fingerprinting can be supplemented by iris recognition, face recognition and a series of less common modalities.

Anywhere, Anytime Authentication

Introduced by Precise Biometrics in June 2012, the Tactivo casing for smartphones and tablets enables multilevel authentication for mobile devices, anywhere and anytime.

This is a combination smartcard and fingerprint reader for the iPhone 4 and 4S, as well as the iPad. Connected directly to the device and designed specifically to complement the Apple design, the case provides both a smartcard and fingerprint reader to protect against unauthorized application access. Together with special-purpose apps, Tactivo enables companies and government agencies to maintain a high level of authentication and security when employees use mobile devices to access sensitive information.

Tactivo enhances the security features already available in iPhone and iPad devices. For example, using the BioSecrets app, Tactivo is able to store passwords and other sensitive information within a biometrically secured container on the iPhone 4S, iPhone 4, iPad 2 and the new third-generation iPad.

How IT Works

Tactivo makes the end point—smartphone, tablet or other mobile device—a trusted access point. It enables convenient security, making it easy to pick up the iPhone or iPad, swipe your finger and authenticate the device. By using PKI and a smartcard certificate, the app provides the strong front-end authentication needed to establish a secure session through the SSL, enabling access to the network datacenter via the VPN.

It provides two-factor authentication with biometric and smartcard/ hardware security modules. Smartcards, with their integrated circuit chip, can be used to perform the biometric authentication directly on the card. By doing that, it gets behind its own firewall and is impervious to malicious code or attacks without compromising personal biometric data.

In addition, the app is supported by a portal called idApps.com that provides information on a growing directory of available apps. At the same time, the iOS toolkit will expand to support a variety of biometrics to continue to be convenient and easy to use.

The iOS toolkit enables developers to implement self-contained authentication or integrate with third-party identity managers and service providers. As a result, the app can be used with a virtually unlimited number of apps.

The Precise iOS toolkit enables iOS app developers to integrate smartcard or fingerprint authentication, or both. Smartcard and fingerprint functionality can be integrated separately or together to replace passwords or PINs, enhancing convenience and increasing security. App developers also can combine these authentication methods with other iPhone and iPad features such as GPS.

The iOS toolkit is designed to make integration as straightforward as possible. It has a simple API and, to ensure short development time, sample implementations for smartcard integration and fingerprint enrollment/verification are included. This functionality can be directly integrated into other apps.

Supported by the iOS toolkit, Tactivo has the potential to evolve with and adapt to changing market needs. For example, solutions can be developed to verify card integrity and authenticity; verify cardholder identity; control access to applications or application data stored locally on the device; and facilitate access to Web and cloud services. In addition, because Tactivo supports government smartcard credentials including CAC, PIV, PIV-I and TWIC, the iOS toolkit is well-suited for developers targeting the government segment.

This article originally appeared in the May 2013 issue of Security Today.

Featured

Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now
- Cybersecurity
ASIS International Introduces New ANSI-Approved Investigations Standard
- Guard Services
Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now
- Cybersecurity
Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now
- Cybersecurity
AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now
- Cybersecurity

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Luma x20

Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”
QCS7230 System-on-Chip (SoC)

The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.
Camden CM-221 Series Switches

Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.