In this example, let's say Jane really does need to see sensitive information to assist the customer, in this case full cardholder data. Jane doesn't normally have access to cardholder data, but if she legitimately needs it she can request an exception by clicking on the redacted field. After acknowledging that she assumes all risk for improper use of the data, a request automatically goes to her manager via SMS with the details of the exception: who she is working with, why she needs the data, and confirmation that the customer gave verbal approval in answer to the specific questions the exception process requires. Jane's manager simply clicks "Yes" to approve the exception, and the approval is added to the audit trail.
With the exception approved, Jane types in the one-time approval code and is reminded that everything she does from this point is recorded, logged and tied specifically to her.
Immediately, Jane receives a notice that her screen is being recorded for audit purposes; her webcam is turned on and remains on for the rest of the session. She is told she must keep her face in view of the webcam at all times or the screen will blank and the session will end. The session is also terminated if the analysis software behind the webcam detects any camera lens (other than pre-authorized prescription glasses) in front of the screen.
Jane must further authenticate and verify her identity by swiping her finger on the reader for biometric identification, by keeping her smartcard employee badge with its personal certificate in the reader, and by having a live image compared against the notarized reference images on file. Digital watermarks tied to Jane are placed on all generated documents, messages, video files and logs. A post-exception review with internal audit is automatically scheduled on her calendar.
Thanks to the exception, Jane is able to satisfy the customer's request, has a very happy customer and returns to normal operating mode. Can Jane still steal this customer's exposed data? Yes, of course. Will she think twice about it, with her name and everything associated with her attached to this exceptional event? Certainly.
Match Security Measures with the Level of Risk
Additional endpoint security measures to consider include Citrix Ready solutions for remote attestation, device fingerprinting, keystroke dynamics and user behavioral heuristics. Ultimately, if the data is too sensitive to be displayed on the endpoint in a particular situation, don't display it. Use tokenization, redaction, watermarking and contextual policy so that apps run and data is displayed only in appropriately secured situations. In high-assurance situations, contextual policy must consider all of the "5W's of Access" (who, what, when, where and why) and require strong validation of each factor; when any factor cannot be validated, the safe default is the redacted view, not the cleartext.
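As an added example (not code from this article or from Citrix), here is a small Python policy evaluator that checks each of the five W's for a request to view cardholder data and only lets a break-glass exception of the kind described above (manager approval, one-time code, smartcard, biometric and webcam all verified, within the approval window) unlock the cleartext. Any failed factor falls back to the redacted view, while a user with no entitlement at all is denied outright. The users, roles, zones, grant values and the HMAC watermark key are all constructed for illustration; the key stands in for a secret that would be held in an HSM or KMS.

```python
# Added example, not Citrix code: a contextual "5W's of Access" policy with a
# break-glass exception path. Users, roles, zones and the key are constructed.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, Optional
import hashlib, hmac

USERS: Dict[str, str] = {"jane": "csr"}                       # constructed directory
ROLE_DATA = {"csr": {"customer_profile", "cardholder_data"}}   # what a role may ever touch
SENSITIVE_FACTORS = {"cardholder_data": frozenset({"smartcard", "fingerprint", "webcam"})}
TRUSTED_ZONES = {"corp-lan", "corp-vpn"}
WATERMARK_KEY = b"constructed-demo-key"  # assumption: an HSM/KMS-held secret in reality

@dataclass
class ExceptionGrant:
    """Manager approval for one subject, one data class, one time window."""
    subject: str
    data_class: str
    approver: str
    approved_at: datetime
    ttl: timedelta
    otp: str  # one-time approval code issued with the approval

@dataclass
class AccessRequest:
    who: str
    what: str
    when: datetime
    where: str
    why: str
    factors: FrozenSet[str]  # authentication factors verified this session
    grant: Optional[ExceptionGrant] = None
    otp_entered: Optional[str] = None

@dataclass
class Decision:
    outcome: str  # "deny", "redact" or "allow"
    reason: str
    watermark: Optional[str] = None

def watermark_for(who: str, what: str, when: datetime) -> str:
    """Keyed tag to embed in documents, video and logs so they trace back to the user."""
    msg = f"{who}|{what}|{when.isoformat()}".encode()
    return hmac.new(WATERMARK_KEY, msg, hashlib.sha256).hexdigest()[:16]

def evaluate(req: AccessRequest) -> Decision:
    # WHO: no entitlement at all for this class is a hard deny, not a redaction
    role = USERS.get(req.who)
    if role is None or req.what not in ROLE_DATA.get(role, set()):
        return Decision("deny", "who: no role entitlement")
    required = SENSITIVE_FACTORS.get(req.what)
    if required is None:
        return Decision("allow", "non-sensitive data class")
    # WHERE / WHEN: sensitive data is never shown in the clear off-network or after hours
    if req.where not in TRUSTED_ZONES:
        return Decision("redact", "where: untrusted zone")
    if not 8 <= req.when.hour < 18:
        return Decision("redact", "when: outside business hours")
    # WHO, strength: every factor the class demands must be verified this session
    missing = required - req.factors
    if missing:
        return Decision("redact", "who: missing factors " + ",".join(sorted(missing)))
    # WHY: a stated reason plus a matching, unexpired, non-self-approved grant and OTP
    g = req.grant
    if g is None or not req.why.strip():
        return Decision("redact", "why: no exception requested")
    if g.subject != req.who or g.data_class != req.what:
        return Decision("redact", "why: grant does not match request")
    if g.approver == req.who:
        return Decision("redact", "why: self-approval")
    if req.when > g.approved_at + g.ttl:
        return Decision("redact", "why: exception expired")
    if req.otp_entered is None or not hmac.compare_digest(g.otp, req.otp_entered):
        return Decision("redact", "why: approval code mismatch")
    return Decision("allow", "exception approved; session recorded",
                    watermark_for(req.who, req.what, req.when))

def demo_cases() -> Dict[str, Decision]:
    """Constructed requests: the approved path plus one failure per factor."""
    t = datetime(2024, 3, 5, 10, 30, tzinfo=timezone.utc)
    grant = ExceptionGrant("jane", "cardholder_data", "mgr",
                           t - timedelta(minutes=2), timedelta(minutes=15), "482913")
    full = frozenset({"smartcard", "fingerprint", "webcam"})
    base = dict(who="jane", what="cardholder_data", when=t, where="corp-lan",
                why="customer disputes a charge", factors=full,
                grant=grant, otp_entered="482913")
    variants = {
        "approved": {},
        "no_grant": {"grant": None},
        "bad_otp": {"otp_entered": "000000"},
        "expired": {"when": t + timedelta(minutes=20)},
        "no_webcam": {"factors": full - {"webcam"}},
        "self_approved": {"grant": ExceptionGrant("jane", "cardholder_data", "jane",
                                                  grant.approved_at, grant.ttl, "482913")},
        "unknown_user": {"who": "mallory"},
    }
    return {name: evaluate(AccessRequest(**{**base, **v})) for name, v in variants.items()}
```

Calling `demo_cases()` returns one `Decision` per scenario; only the fully validated request yields `allow` together with a watermark, and the same user, data class and timestamp always produce the same watermark, so a leaked document can be matched back to the session that produced it. Note the ordering: the cheap, non-secret checks (role, zone, time) run before the approval code is compared, and the comparison itself uses `hmac.compare_digest` so that a wrong code is rejected in constant time.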