Beyond SSL for Data Driven Security

At the end of February, Apple released a security patch that addressed a critical bug associated with SSL sessions, which you can read about here and here. Apple explained that without the patch, “an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.” Because this is a serious threat, there has been much discussion of how the bug slipped through the development process, which offered several opportunities to catch it before a product release.

But relying on SSL, or any network security, won't solve the growing security issues that come with mobility: increased access to banking and other critical content, and a changing way of interacting with our most sensitive data. Knowing that a request is valid, and that it comes from the owner of the account being accessed, is a growing area of security. Securing the connection is critical, but so is knowing that the actor (in this case, the end user) is who they say they are. Organizations looking to increase security should take advantage of technologies and capabilities that use data in new ways to create policies and context awareness that add to the security of their applications.