Internet security is in a constant state of change. New encryption models are created, and tokens placed on computers or even on distributed mediums are in circulation. The Internet security industry is always trying, often without success, to stay one step ahead of those individuals who would like to circumvent an organization's right to maintain the privacy of its data.
Financial, medical, insurance, industrial, architectural, governmental and other organizations currently utilize Internet security methods that contain the same inherent weaknesses. For example, most present Internet security methods utilize a logon process that is available online to anyone utilizing the Internet. Upon visiting a website, the user is often presented with an option to “Sign On” by entering information that may include a User ID and a Password. After entering the correct information, the user is presented with one or more browser-based online applications. For example, in the banking industry, the user can be offered an option to examine or work with their checking account, savings account, credit cards, etc. However, such freely available and open access to an organization's logon screen and online applications is an invitation to those individuals intent on hacking into the system, either just for the challenge of doing so or for more ominous reasons.
As long as an individual with access to a computer and an active Internet connection can visit a website, log on and then be granted use of browser-based applications for accessing secure data, the current Internet security models will inevitably fail. In addition to the weaknesses associated with current logon processes, even after a user has successfully logged on to an organization's website, processes associated with data access provided by the browser-based online applications present additional weaknesses.
Embodiments of the present disclosure address the weaknesses other security models miss, fail to understand or just ignore. Through the implementation of embodiments of the present disclosure, an organization can not only remove the logon process from its website, but can also remove the entire browser-based online process currently employed to read, write or update data.
For example, a bank can remove all screens and processes that allow online banking from its website and still permit its customers online banking privileges through the use of embodiments of the present disclosure. By taking this action, the bank can provide a high level of protection to both its customers and itself.
Effectively, in an environment where the surface area of attacks on secure public servers is the entire Internet, there is a need to limit the attack surface. The difficulty is that secure services and data must be available for public access and yet must use the Internet to deliver content to transient individuals. Virtual software applications, initiated through the use of a serialized distributed medium, as described herein, limit this attack surface to a controlled, easily identifiable group. By limiting access to applications and data to virtual software applications, there is no need to install software or store data on a local computer, no software or data is stored on a distributable medium, and no software or data is available from a browser-based environment.
Moreover, in secured environments, there are times and there is data that no single individual should have a right to access. The embodiments of the present disclosure address that weakness by providing a method wherein, in order to access secure data, two or more users are required to access the virtual software application and then, through that application, access the secure data.