Challenges of the Enterprise Policy Compliance with Smart Phone Enablement or an Alternative Solution with Behavior Based User Identification (Review Completed - Accepted)
Current trends show intense growth in the importance of mobile technology (smart phones, tablets) within the life of the enterprise, for economic, social and technological reasons. The social element drives a strong conformability expectation, one form of which is the 'Bring Your Own Device' (BYOD) type of use and access of internal and external network resources. Clearly, the future is leading toward a more extensive enablement of smart phones and tablets with their enterprise mobile applications. The internal security standards, along with the applicable regulatory ones, aim at 'policy enforcement' type solutions and controls; however, this covers merely one aspect of compliance. An alternative solution could be behavior-based analysis: identifying the user, an attacker, or even a malicious program accessing resources on the phone or the internal network. It is known that complex networks can be described by graphs; the connections among resources on a smart phone can be described in this way and set a blueprint of the user. Once the motif of the user is not found within the activity graph, further analysis can immediately be initiated. This document reviews the IT security challenges with smart phones as well as the concept of graph-based user identification.