Today, mobile technology is a standard method of conducting business. As smart devices become more capable of harboring and transferring information, IT executives are relying on them more and more to contain and transmit sensitive data.
In fact, a recent Forrester report, “Mobile Authentication: Is This My App? Is This My User?” suggests more than half of users (52 percent) now rely on three or more devices. In fact, 60 percent of the devices are used for both personal and business use.
To gain more perspective, Entrust commissioned Forrester Consulting to conduct a survey that explores the adoption and understanding of mobile security. Their report found that 71 percent of respondents either somewhat or strongly agree that desktop/laptop as more secure than mobile devices.
Since mobile use in the workplace continues to rise, it is important to look at what options are available for the storage of such sensitive data in an increasingly insecure world.
This three-part series will examine three evolving methods of storing sensitive information, starting with one approach that is called a secure element.
The Secure Element
While a secure element is found within the hardware of a device, it is segregated from the rest of the chip it resides. This way, information is tamper-resistant and free from the processes that run the operating system itself — which provides increased protection against malicious internal malfunctions that could compromise applications or information stores.
Physically, secure elements are comprised of an integrated circuit, an operating system and whatever application works in conjunction with it to transfer information back and forth. There could be multiple applications that all use a single secure element. Certain applications, such as transportation and security devices, can be used to assist in data transfer from a chip to the element. Information is sent from a handset to a secure device using either a trusted wire or a flexible antenna.
Secure elements are often managed remotely through the use of a Trusted Service Manager (TSM), which connects to the device through a near-field communication (NFC) ecosystem, through radio frequency waves. This remote access allows for authorized users to manage applications from a central system through the secure element, which is a crucial security measurement designed to protect the internal network architecture of a system.
As an early option for mobile hardware security, a secure element is one of the most widely deployed —and trusted sources — for protecting data at the enterprise level. It is both physically and electronically tamper-resistant, which ensures that data stays protected as it is distributed to devices across the world.
Stay tuned for part two of our series as we explore the benefits afforded by a Trusted Execution Environment.
Mobile Authentication: Is This My App? Is This My User?” Andras Cser, Chenxi Wang, Forrester Research, December 5, 2012.
“Mobility Helps Enterprises Enter a New Age,” Forrester Consulting (on behalf of Entrust), April 2013.