The Internet of Things as Inspiration for New SharePoint Security Methods
The hack at Sony Pictures exposed two simple facts: security methods are best undermined by end users and passwords might not be enough to secure company data. We need a better solution.
That’s why I’m excited by the Internet of Things (IoT) – the growing use of devices connected by networks reporting data and the potential it may bring to increasing data security. From tablets to smartphones to exercise devices to the upcoming use of beacons, IoT has the potential to broadcast a massive amount of data. It might also help introduce a new means of securing data through end user governance.
Back in October, Geoff Evelyn (aka SharePointGeoff) wrote “SharePoint and the Internet of Things” where he highlighted the growing use of the IoT and how those using SharePoint should prepare and start building for that upcoming explosion of data. Data that needs to be secure. IoT might be a place to start.
For business and organizations that warrant a high level of security, IoT might seem like a potential breach area. But it could also be the spark of inspiration where IT professionals find new ways to secure data beyond the password.
One suggestion might be to use IoT devices. When the user is near their laptop, their machine sense the device as a first pass of authentication. Then the user would be presented with a password option or other means of security question. Yet, even that simple level of access might be further limited if the end user is in a location that isn’t authenticated by the Bluetooth key on the location where the end user is attempting to access content from.
So say your San Francisco, California-based end user with a Bluetooth bracelet attached to their laptop somehow starts trying to access confidential information while signing in from Sao Paulo, Brazil? Should they or might that be a breach? A simple search might tell security professionals if that end user is in Brazil and take actions to preventing or granting access. Or they could ping the bracelet to see if it is in Brazil. As such, IT or SharePoint administrators might create rules that not only govern when information is accessed or by whom but also where the end user and IoT-connected devices are. For certain content, they might be restricted to viewing only when they’re in one of the organization’s buildings or within the U.S. or the U.K. If that end user doesn’t fit the criteria, they don’t get access.
Building such systems and creating the databases and rulesets that would govern such rules would take time. But the need is clear, we need new ways to secure our systems. The days of IoT are already here, it's time to be inspired to create new security solutions that incorporate that technology into our every day.