In the modern world, employees can be anywhere – and on any device. UK government data shows that more than a quarter of working adults in Great Britain (28%) were hybrid working in the autumn of 2024.
However, though employee habits have evolved, much of IT security hasn’t. Blanket policies are still the norm, but they’re no longer enough.
Contextual security offers IT managers a more modern approach to keeping their data safe.
What is Contextual Security?
Contextual security is a security approach that adapts protections and access controls to the context in which a user is operating, rather than applying one-size-fits-all rules.
The role of context in security monitoring has come into sharper focus following several high-profile cyberattacks – such as one on the Co-op, where hackers impersonated employees in order to bypass defences.
The damage from these attacks can extend far beyond the attack itself – with the 2024 Hiscox Cyber Readiness Report finding that 43% of businesses lost existing customers as a result.
But contextual security is not a new idea to those working in threat detection. In this post, we’ll cover the key elements of contextual security, different examples of contexts to consider, and the benefits of contextual security for your business...
5 examples of key contexts in security management
1. User context
One of the most common use cases for contextual security involves different types of users needing access to a system. Instead of giving everyone the same level of access, contextual security grants access according to the type of user. In practice, this means that, for example, contractors can access different resources compared to employees.
It can also note unusual behaviour patterns – such as a user trying to download large amounts of data when they never usually do so.
Use Cases
- Temporary Permissions: An external consultant can access a specific project brief for a limited time, but can’t access other confidential files or internal human resources documents. Their access is automatically revoked after the conclusion of the project.
2. Device context
Different devices can also be part of contextual security measures. A company can limit access to internal documents to in-office desktops only. This would make them unavailable to those working remotely – while still letting that group see everything else on the system.
Permissions can be based on the security posture of the device, or how well it withstands cyber threats. A device with updated antivirus software and a recent OS would be less likely to be flagged than one with a much older operating system and no antivirus protection at all.
Options such as DeviceTRUST (newly acquired by Citrix) provide the real-time contextual data needed to grant or deny access based on the device’s current security state, with the ability to change access within the user’s session if their device context changes. We explored this in our recent podcast, “How do you secure access without slowing down your people”.
Use Cases
- Security Posture Check: If a user tries to connect to the internal system using a laptop with an outdated OS, it will be flagged as a “vulnerable posture”. Contextual security will either block access, or move the device to a “quarantine” network segment until it’s updated.
- BYOD Restrictions: A company allows employees to access email and collaborative tools from their personal phones, but sensitive applications or core data systems can only be accessed from company-managed devices.
3. Location context
This is one context that’s changed over the last decade. Whereas previously, contextual security for physical location was just a matter of “in-office allowed, out-of-office not”, developments mean IT managers can now respond more granularly – altering access for a specific key stakeholder even if they’re on holiday.
Additionally, access can be limited by geography. This is especially important with the recent rise in state-sponsored attacks, as being able to see what country or region someone is trying to access your systems from means you can immediately flag up if someone is connecting from a sanctioned country.
And then there’s the network type the person is using. Secure enterprise networks are, obviously, safer than public wi-fi in a coffee shop. Contextual security can make it so that sensitive documents can’t be viewed on a public connection.
Use Cases
- Impossible Travel Detection: An employee logs into the corporate VPN from one city at 9 AM, and then, five minutes later, attempts to log into a cloud application from an IP address thousands of miles away. The system detects suspicious activity, assumes the account is compromised, and blocks further login attempts.
- Geo-Fencing Sensitive Data: A company doesn’t allow people from certain high risk countries to access its core intellectual property. If a remote employee attempts to access these files from one of those countries (even if they are a legitimate employee), access is denied.
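The impossible travel check described above can be expressed as a speed calculation over consecutive logins for the same user. This is an added example, not code from any product named in this post; the event fields, the 900 km/h speed ceiling and the 100 km minimum distance are assumptions, and the login events are constructed.

```python
import math
from datetime import datetime

MAX_SPEED_KMH = 900.0    # assumed ceiling: roughly airliner cruising speed
MIN_DISTANCE_KM = 100.0  # assumed floor: ignore IP-geolocation jitter within a region

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def find_impossible_travel(events):
    """Flag consecutive logins by one user whose implied speed is not achievable."""
    alerts, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        prev = last_seen.get(ev["user"])
        last_seen[ev["user"]] = ev
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        if km < MIN_DISTANCE_KM:
            continue  # same area: not evidence of travel
        hours = (ev["time"] - prev["time"]).total_seconds() / 3600
        speed = km / hours if hours > 0 else math.inf  # simultaneous logins
        if speed > MAX_SPEED_KMH:
            alerts.append({"user": ev["user"], "from": prev["source"],
                           "to": ev["source"], "km": round(km)})
    return alerts

# Constructed login events: alice "moves" London -> New York in five minutes,
# bob travels Manchester -> London in four hours (plausible, so not flagged).
EVENTS = [
    {"user": "alice", "time": datetime(2025, 1, 6, 9, 0),
     "lat": 51.5074, "lon": -0.1278, "source": "vpn"},
    {"user": "alice", "time": datetime(2025, 1, 6, 9, 5),
     "lat": 40.7128, "lon": -74.0060, "source": "cloud-app"},
    {"user": "bob", "time": datetime(2025, 1, 6, 9, 0),
     "lat": 53.4808, "lon": -2.2426, "source": "vpn"},
    {"user": "bob", "time": datetime(2025, 1, 6, 13, 0),
     "lat": 51.5074, "lon": -0.1278, "source": "cloud-app"},
]

if __name__ == "__main__":
    for alert in find_impossible_travel(EVENTS):
        print(alert)
```

In production the coordinates come from IP geolocation, so known VPN and proxy egress addresses need to be excluded or mapped to the user's real location before the comparison.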
4. Time context
Attackers know that we’re creatures of habit – and exploit that. If there’s a lot of activity happening when the business is closed, contextual security can investigate it.
Use Cases
- Unusual Data Export: A sales employee typically accesses customer data during business hours. If they try to export a large amount of customer information at midnight, the system could automatically block the export and notify security, assuming a potential data exfiltration attempt.
- Automated Process Deviation: A nightly automated task runs at 2 AM. If that task suddenly runs at 10 AM, contextual security would detect this deviation and flag it.
5. Sensitivity of Resource context
This is especially important for those in highly-regulated industries, like banking or healthcare. Alongside the other contexts above, contextual security can cross-reference to see if someone is trying to access sensitive records (like private financial documents) when they shouldn’t be able to.
Use Cases
- Confidential Data Access: An individual needs access to their assigned project records, but not highly confidential strategic plans.
- Tiered Information Access: A support representative can view a customer’s basic account balance and recent transactions to assist with queries, but additional authentication is needed for larger transfers.
What are the benefits of contextual security for IT managers and businesses?
Having covered the “hows”, these benefits help demonstrate the “whys” for those still on the fence about the value of contextual security in their current setup.
Works with a growing business
As you can see, there are a lot of ways to use contextual security. Different contexts will come into play as a business gets bigger, meaning it can always provide the type of security the business needs at different stages.
Reduces risk of data breaches
This may seem like an obvious point, but it’s actually a benefit that contextual security can claim over its more traditional cousins. Even when traditional security protocols are updated to fight the latest viruses, social engineering evolves faster. Contextual security helps stop this. It can adapt seamlessly to the threats your business faces without you having to worry about when you’ll next click the update button.
Ease of use
Every employee, contractor or guest wants a business to be secure – but they don’t want to have to go through several layers of checks to make it that way. Contextual security applies protocols only to those who need them, reducing disruptions and improving the overall user experience.
Enables zero trust architecture
Contextual security and Zero Trust Architecture (ZTA) go hand in hand. ZTA treats every device and user as untrusted by default. But like the best architecture, it needs solid foundations – and that’s where contextual security comes in. Contextual security provides the grounding for ZTA to make decisions about who gets access to software or files based on factors like those mentioned earlier.
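As an added illustration (not code from any product named in this post), the sketch below shows how a single access decision can combine the user, device, location, time and resource contexts described earlier. The field names, rule order, business hours and the placeholder country code are assumptions, and the sample requests are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

HIGH_RISK_COUNTRIES = {"XX"}                # placeholder code, not a real list
BUSINESS_HOURS = (time(8, 0), time(18, 0))  # assumed working day

@dataclass
class Request:
    access_expires: Optional[datetime]  # user context: end of a temporary grant
    managed_device: bool                # device context: company-managed or BYOD
    os_up_to_date: bool                 # device context: security posture
    country: str                        # location context
    when: datetime                      # time context
    sensitivity: str                    # resource context: "low", "sensitive", "core"
    bulk_export: bool = False

def decide(req):
    """Return (decision, reason); the first matching rule wins."""
    if req.access_expires is not None and req.when > req.access_expires:
        return "deny", "temporary access has expired"
    if not req.os_up_to_date:
        return "quarantine", "vulnerable device posture"
    if req.sensitivity != "low" and not req.managed_device:
        return "deny", "sensitive resource requires a managed device"
    if req.sensitivity == "core" and req.country in HIGH_RISK_COUNTRIES:
        return "deny", "core data is geo-fenced"
    start, end = BUSINESS_HOURS
    if req.bulk_export and not (start <= req.when.time() < end):
        return "deny_and_alert", "bulk export outside business hours"
    return "allow", "all context checks passed"

# Constructed requests, each varying one context from a normal baseline.
BASE = dict(access_expires=None, managed_device=True, os_up_to_date=True,
            country="GB", when=datetime(2025, 1, 6, 12, 0), sensitivity="sensitive")
SAMPLES = {
    "normal": Request(**BASE),
    "byod": Request(**{**BASE, "managed_device": False}),
    "old_os": Request(**{**BASE, "os_up_to_date": False}),
    "midnight_export": Request(**{**BASE, "when": datetime(2025, 1, 7, 0, 0),
                                  "bulk_export": True}),
    "expired_consultant": Request(**{**BASE,
                                     "access_expires": datetime(2025, 1, 1)}),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(name, decide(req))
```

Re-running the decision whenever a context value changes, rather than only at login, is what allows access to be adjusted during a session.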
3 examples of contextual security at work
Contextual security is already in use across many industries. See three examples below…
1. Contextual security at Universities
At a university, only faculty in a particular department can view research data or student submissions for that department. The system blocks attempts from outside the department.
2. Contextual security in recruitment
An employee at a recruitment company attempts to access a shared workspace while using their mobile data, rather than the approved Wi-Fi. Because of this, the contextual security system blocks their access and displays an onscreen alert.
3. Contextual security in the Public Sector
A government employee who typically works in the Department for Environment, Food and Rural Affairs accesses files related to national defense. As this is outside the user’s usual patterns, the contextual security system flags it.
With bad actors moving as fast as they are, your security protocols can’t remain static. Contextual security is the next step up, stopping the threats that could derail your business – often, before you even know they’re there...
