Challenges of Enterprise Policy Compliance with Smartphone Enablement or an Alternative Solution Based on Behaviour-based User Identification

Current trends show the intense growth in the role and importance of mobile technology (smartphones, tablets, etc.) in business due to economic, social and technological reasons. The social element drives a powerful convenience expectation called “Bring Your Own Device” (BYOD) for taking notes and accessing internal and external network resources. Apparently, the future is leading toward a more extensive enablement of smartphones and tablets with their enterprise applications. Internal security standards along with applicable regulatory ones to achieve ‘policy enforcement’ as types of solutions and controls; however, this allows for merely one aspect of compliance. An alternative solution could be behaviour-based analysis to identify the user, attacker or even a malicious program accessing resources on phone or internal networks. Complex networks can be defined by graphs, such as connections to resources on smartphones and serve as a blueprint. In case the motif is different from the user’s actual behaviour, the company can initiate specific actions to avoid potential security violations. This document reviews the IT security challenges related to smartphones as well as the concept of graph-based user identification. The challenges of the latter are the identification of motif, selection of search algorithm and defining rules for what is considered a good or bad behaviour.