August 10, 2021 by Admin
A company wants to secure a newly developed application that is used to access sensitive information and data from corporate resources. The application was developed by a third-party organization, and it is now being used heavily, despite lacking the following controls:
– Certificate pinning
– Tokenization
– Biometric authentication
The company has already implemented the following controls:
– Full device encryption
– Screen lock
– Device password
– Remote wipe
The company wants to defend against interception of data attacks. Which of the following compensating controls should the company implement NEXT?
- Enforce the use of a VPN when using the newly developed application
- Implement a geofencing solution that disables the application according to company requirements
- Implement an out-of-band second factor to authenticate authorized users
- Install the application in a secure container requiring additional authentication controls