Why the highest walls no longer hold

Jun 12, 2020

Digital networking optimises production, sales and management of any company, but one should not forget the lessons of the past.

Everyone has heard the legend of the Trojan horse. It is not only the basis for many real military ruses, but also the origin of the name “Trojan” for the malware.
It is the mythical reminder that the highest walls and the strongest gates can be overcome with cleverness.

Companies try to get the best security available.
In ancient times security was achieved by high walls, access passes and perhaps security guards. Today, these terms have changed:
Walls are now called firewalls, the access badges are now access data (e.g. passwords), and the security personnel are the IT security department.
Of course, not every company had security staff in the past. But at that time the employees and business partners all knew each other personally, and any unknown intruder would have been noticed immediately.

Networking but anonymous.

And here we have arrived at a problem of digitalisation.
Nowadays, people all over the world work together. As a result, employees or business partners no longer necessarily meet face to face. All you know about each other might be the name or the email address. Besides, data is no longer stored securely at a single location, but can be accessed from anywhere, as long as the correct access credentials are used.
These two factors help intruders to access sensitive company data without being noticed, simply by impersonating an employee.
The safety walls can be perfectly high and secure; they can still be overcome with a trick - the Trojan horse in one of its present forms.

Networking means “having trust in every employee”

Nowadays, every employee is important for the overall security of the company. A single employee causing a security gap, for example by using an insecure and easy-to-guess password, weakens the security of the entire company. This small gap can be large enough for intruders to use as an entry point.

Security specifications and coaching can help to teach employees how they should behave to avoid a security risk.
But let’s be honest: There will always be one employee who will unintentionally find a way to break down the security walls. Choosing several different strong passwords and remembering them afterwards is inconvenient and difficult. Therefore, employees tend to reuse passwords, write them down or send them unencrypted.
Focusing only on training does not help here.

The access and what happens behind it

A strong authentication method when entering company software or data is absolutely necessary, but not sufficient.
Imagine you check a guest at the entrance of your company, and afterwards you let him explore the whole building unobserved.
You would never do that? Then don't allow it in your IT system, either.

The strong authentication at the entrance (login) should be combined with a continuous, or at least recurring, verification. This verification should not only rely on the authentication data already checked, but rather pay attention to whether the visitor behaves unexpectedly.

Verification via individual digital fingerprint

People are the same in many things - and yet each one is unique.
Not only can people be distinguished by their DNA, fingerprints, facial shape and tooth imprints, but their keyboard typing and computer mouse usage are unique as well. Thanks to computers, it is possible to find and evaluate more and more of these unique characteristics - the digital fingerprint - and use them to assign usual daily behaviour to an individual person.

The security for the digital future is based precisely on these assignments. You verify yourself with what you are - with your individual behaviour.
This enables a completely new security basis:
It is not a big problem when, for example, the PIN of the EC card is stolen, because nobody types it in the way the owner does. Every user who does not use the card with the usual behaviour is revealed and cannot access the bank account.
Verification via the digital fingerprint together with strong protective walls brings security to a whole new level.
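
To make the PIN scenario above concrete, here is an added example (not VIPFY's code or method) of one common way to compare typing rhythm: a per-user template of key hold and flight times, scored with a scaled Manhattan distance. The PIN, all timings and the threshold of 3.0 are constructed assumptions.

```python
from statistics import mean

def entry(pin, holds, gaps):
    """Constructed sample: key events from hold times and press-to-press gaps (ms)."""
    t, events = 0, []
    for i, key in enumerate(pin):
        events.append((key, t, t + holds[i]))
        t += gaps[i] if i < len(gaps) else 0
    return events

def features(events):
    """Hold time per key, then press-to-press flight time between keys."""
    holds = [release - press for _, press, release in events]
    flights = [b[1] - a[1] for a, b in zip(events, events[1:])]
    return holds + flights

def enroll(samples):
    """Template = (mean, mean absolute deviation) for each timing feature."""
    template = []
    for column in zip(*(features(s) for s in samples)):
        mu = mean(column)
        mad = mean(abs(x - mu) for x in column)
        template.append((mu, max(mad, 1.0)))  # floor: avoid dividing by ~0
    return template

def score(template, events):
    """Scaled Manhattan distance averaged per feature; lower is more similar."""
    vec = features(events)
    if len(vec) != len(template):
        return float("inf")  # different number of keystrokes: no match
    return mean(abs(x - mu) / mad for x, (mu, mad) in zip(vec, template))

def verify(template, typed, expected, events, threshold=3.0):
    """Accept only if the PIN is correct AND the rhythm fits (threshold assumed)."""
    return typed == expected and score(template, events) <= threshold

PIN = "4821"  # constructed value
TEMPLATE = enroll([
    entry(PIN, [95, 88, 102, 90], [210, 180, 260]),
    entry(PIN, [100, 92, 98, 85], [220, 175, 250]),
    entry(PIN, [92, 85, 105, 93], [205, 190, 270]),
    entry(PIN, [98, 90, 100, 88], [215, 185, 255]),
])
OWNER_LATER = entry(PIN, [97, 89, 101, 91], [212, 182, 258])
SOMEONE_ELSE = entry(PIN, [140, 150, 135, 160], [400, 390, 420])

if __name__ == "__main__":
    for name, ev in (("owner", OWNER_LATER), ("someone else", SOMEONE_ELSE)):
        print(name, round(score(TEMPLATE, ev), 2), verify(TEMPLATE, PIN, PIN, ev))
```

A tighter threshold rejects more impostors but also more genuine entries, so the value has to be tuned against real enrolment data.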

About VIPFY:
We are a young startup that simplifies and centralizes the increasing complexity of managing, billing and interacting with cloud services. Instead of having separate user management and billing for each cloud service, VIPFY unifies this, and each employee gets direct secure access to the services they need.

VIPFY is supported by the CISPA Helmholtz Centre for Information Security and the Federal Ministry of Education and Research.

Nils Vossebein