Eric Ogren

Security Impact

Keep consumer data confidential

Financial enterprises have learned that they must extend security out to the end-point device to protect consumer data. Many SSL-based online banking applications will perform a pre-authentication configuration check, establish a protected environment for sensitive transactions, and then clean up residual data caches upon session teardown. These features are completely transparent to the end-user. Yet few enterprises deploy these basic security mechanisms to protect against disclosure or theft of confidential data. Vendors report adoption rates consistent with the following SSL profile:

  1. Half of SSL deployments enable pre-authentication configuration checking. This includes NAC-ish features such as checking for enabled security software (AV, FW), the presence of unauthorized applications, or suspicious registry settings.
  2. Under a quarter clean caches and other temporary stores upon session teardown. Cache cleaning covers temporary files, history files, cookies, and other remnants of the user session.
  3. Less than one tenth establish a protected workspace. A protected workspace shields the data against loss by key loggers, memory mappers, screen scrapers, trojans or other forms of spyware.
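To make the first two mechanisms in the list concrete, here is an added example (not code from the original column or from any of the vendors it names) that models a pre-authentication posture check and a session-teardown cache cleaner. The policy values, the endpoint inventory, the registry-style setting name and the cache file suffixes are all constructed assumptions for the illustration; a real SSL appliance agent would gather the inventory from the endpoint and carry a vendor-defined policy.

```python
"""Endpoint posture check and session-teardown cleanup (added illustration).

Models two transparent SSL-session protections: a pre-authentication
configuration check (security software enabled, no unauthorized apps,
no suspicious settings) and cache cleaning when the session ends.
All inventory data, policy values and file names below are constructed
for this example, not taken from any product.
"""
import os
import tempfile
from dataclasses import dataclass, field

# Policy values are assumptions chosen for this example.
POLICY = {
    "required_enabled": {"antivirus", "firewall"},
    "disallowed_apps": {"keylogger-demo", "screen-grabber"},
    # Hypothetical registry-style setting that must hold the expected value.
    "required_settings": {r"HKLM\SOFTWARE\ExamplePolicy\SessionProtection": "1"},
}


@dataclass
class PostureResult:
    passed: bool
    failures: list = field(default_factory=list)


def check_posture(inventory: dict, policy: dict = POLICY) -> PostureResult:
    """Evaluate an endpoint inventory against the policy; fail closed.

    inventory = {"security_software": {"antivirus": bool, "firewall": bool},
                 "apps": [names], "settings": {setting_name: value}}
    """
    failures = []
    sw = inventory.get("security_software", {})
    for name in sorted(policy["required_enabled"]):
        if not sw.get(name, False):          # missing counts as disabled
            failures.append(f"{name} not enabled")
    bad = policy["disallowed_apps"] & set(inventory.get("apps", []))
    for app in sorted(bad):
        failures.append(f"unauthorized application: {app}")
    settings = inventory.get("settings", {})
    for key, expected in policy["required_settings"].items():
        if settings.get(key) != expected:
            failures.append(f"suspicious setting {key}={settings.get(key)!r}")
    return PostureResult(not failures, failures)


# Session artefact categories removed at teardown (suffixes are assumptions).
CACHE_SUFFIXES = (".tmp", ".history", ".cookie")


def clean_session_dir(session_dir: str) -> list:
    """Delete cache/temp remnants under session_dir; return removed paths.

    Only regular files inside session_dir are touched; symlinks are skipped
    so a link planted in the cache cannot redirect deletion elsewhere.
    """
    removed = []
    root = os.path.realpath(session_dir)
    for dirpath, _dirnames, filenames in os.walk(root):  # does not follow links
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            if os.path.islink(path) or not fn.endswith(CACHE_SUFFIXES):
                continue
            if not os.path.realpath(path).startswith(root + os.sep):
                continue                      # defensive containment check
            os.remove(path)
            removed.append(path)
    return sorted(removed)


def demo() -> tuple:
    """Run both steps on constructed data; returns (posture, removed, kept)."""
    inventory = {                             # constructed endpoint inventory
        "security_software": {"antivirus": True, "firewall": False},
        "apps": ["browser", "screen-grabber"],
        "settings": {r"HKLM\SOFTWARE\ExamplePolicy\SessionProtection": "0"},
    }
    posture = check_posture(inventory)
    with tempfile.TemporaryDirectory() as d:  # stand-in for a session cache dir
        for name in ("session.tmp", "visited.history", "auth.cookie", "notes.txt"):
            with open(os.path.join(d, name), "w") as f:
                f.write("constructed session data")
        removed = clean_session_dir(d)
        kept = sorted(os.listdir(d))
    return posture, [os.path.basename(p) for p in removed], kept


if __name__ == "__main__":
    posture, removed, kept = demo()
    print("posture passed:", posture.passed, posture.failures)
    print("removed:", removed, "kept:", kept)
```

The posture check fails closed: a security product that is absent from the inventory is treated as disabled, so an incomplete report cannot pass. The cleaner deliberately limits itself to a session directory and skips symlinks, which is the kind of containment a teardown routine needs when it runs with the user's privileges against files the user controls.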

There is no good reason why more organizations do not deploy transparent security for the duration of an SSL session. Aventail, F5 Networks, and Juniper Networks all have this capability today; iPass and Fiberlink supply these features as part of their remote connectivity services; and there are agent-based approaches from Check Point, Cisco, Microsoft and Symantec that consumers can use to protect themselves. The technology works, and the leading SSL appliance vendors make it simple to deploy. The above adoption rates are unacceptably low. Enterprises can and should do more to keep consumer data confidential.