It’s vital that
companies find
a way to protect
sensitive data
without restricting
employees.
the hackers, they blame the company
for not being secure enough. This
means mobile app security has to be a
top priority for any business. A critical
element of mobile app security is having
the ability to track and manage the
phone and app’s machine identities – i.e.
the system of trust which authenticates
and enables communications between
the app and the device it is running on.
If a hacker is able to hijack one of these
identities, they can appear ‘trusted’ to
the app and the device. As a trusted
entity, the hacker could then make
a number of requests, for instance
escalating privileges to steal sensitive
data, spy on the communications, or
gain access to other applications.
to take advantage of, potentially putting
customer data at risk – as demonstrated
by the recent British Airways data breach.
In this instance, a weakness in the BA
app allowed criminals to make off with
the financial data of 380,000 customers,
exposing the company to tremendous
reputational and financial damage. Yet,
shockingly, BA were unaware of the issue
until a third party informed them about
some unusual activity.
Martin Thorpe, Enterprise Security
Architect at Venafi
www.intelligentciso.com
|
Issue 08
Whenever a customer’s sensitive
information is stolen, they don’t blame
In order to secure these machine
identities, businesses must discover,
monitor and control all the machine
identities on their network to make sure
that none are being abused by malicious
actors. Given the number of machine
identities that the modern companies
are dealing with can easily number in
the millions, this means automation.
Automating the process ensures ongoing
validation for all machine identities
on your network – both of apps and
other machines – and allows any
compromised machine identities to be
quickly spotted, revoked and replaced
without any loss of data or risk of
reputational damage. u
75