By Sanjay Sawhney, Senior Director of Research at Symantec Research Labs
The technology landscape is rapidly changing into a more mobile and cloud-based world. And in this world, the end user and servers (services provided to the end user) are ‘virtual’ or decoupled from devices, physical machines and networks.
However, there are a few constants:
- The user and server have to share a single root of trust with one another (mutual authentication)
- The data and sharing of the data drives a lot of the end user experience; not the device or the application
- In this evolving technology landscape, who does what with any piece of data is the most important aspect of providing security
- Harnessing the humongous data generated by users, devices, and content repositories in the mobile/cloud world provides tremendous security intelligence
These constants are the guiding principle for a lot of Symantec Research Labs’ (SRL) forward-looking research in developing cutting-edge protection technologies. Recently, SRL discussed these innovation technologies on a road show with media to explain how they address the pressing data and security management challenges.
One challenge has been to ‘right size’ entitlement controls around sensitive data. SRL has developed tools for mining collaborative activity from activity logs to determine what permissions are appropriate for collaborating individuals. We call this SNAP, Social Network Analysis for Permissions. The basic idea is to discover informal patterns of actual collaboration –who produces what content and who consumes it and to what extent. This is a bottoms up approach in contrast to top down approaches such as RBAC, which have never been that successful.
To help with the issue of big data in the consumer world, SRL is testing a personal cloud search-engine service that lets users retrieve content and contact information across all their social networking and public email accounts through one personal-information management portal. The personal cloud search technology would act as a single point of discovery and access control to protect the end-user’s personal information.
On the mobile front, SRL is utilizing a cloud-based app analysis technology to evaluate mobile apps for vulnerabilities, malware and the "grayware" where they simply cannot be trusted. Our goal is to make mobile apps safer for end-users to download and use.
The change to a mobile & cloud world means we are generating and interacting with more data than ever before. Symantec Research Labs is continually developing new technologies to stay one step ahead. We are committed to providing innovative solutions that protect the information of businesses and consumers alike.
For more information about these innovations and others taking place at Symantec Research Labs, visit: http://bit.ly/YTS8P1.