A lot has changed since the creation of the Open Systems Interconnection (OSI) model. The OSI model dates back to the mid-1970s, designed to serve as a common basis for system interconnection and networking. It has been very useful in that regard, but we have to be aware a lot has changed since its inception. The greatest disrupter to this model is cloud computing. With that said, there is still value in the OSI model and how to reduce risk in each layer, as many of our systems today still rely on its design.

What Is the OSI Application Layer?

As the name suggests, the application layer is designed to serve the end user. It is the layer most users will know and see even if they aren’t familiar with the rest of the OSI model layers. All types of services, such as mail and file transfers, happen here. It covers your web browsers, software and almost anything you see on your screen. To be clear, the applications themselves are not always part of this layer, but the services they offer are.

Cybersecurity Threats to the Application Layer

This list can be exhaustive if you start listing all of the different types of malware, because all viruses, worms, key loggers and Trojans do their damage to this part of the OSI model. This is where user ID and password sniffing happen. It’s also where user error happens. That means this is the widest surface area for attacks to happen. Steal data? Yep. Edit data? Of course! Crash an app? For sure! Take down a network? Yes.

Preventing attacks and cutting down on risk at this layer is where most cybersecurity and information security workers spend their time. It’s also what wears them out.

As we have noted before, addressing these issues with the OSI model in mind is more than just tech skills. It’s about behavior, design, knowing business processes and cost resilience. It even involves being aware of the value of our data throughout the life cycle, making it all a risk management issue.

Moving Forward on the OSI Model Journey

The OSI model was not designed with security in mind; as mentioned, it was designed to explain interconnectivity. But the OSI model does allow us to pinpoint where security issues lie. For example, a threat actor — depending on their level of technical expertise — can cause much more damage to the network at the physical level than at the application level if identity and management (IAM) controls are not in place. On the other hand, if your team is guilty of bad coding practices, you can focus in on strengthening your presentation layer.

In other words, use the OSI model as a tool to help you identify where attackers could find a foothold. Fixing the problem can be a whole lot easier if you know where to look.

More from Mobile Security

How the Mac OS X Trojan Flashback Changed Cybersecurity

Not so long ago, the Mac was thought to be impervious to viruses. In fact, Apple once stated on its website that "it doesn't get PC viruses". But that was before the Mac OS X Trojan Flashback malware appeared in 2012. Since then, Mac and iPhone security issues have changed dramatically — and so has the security of the entire world. In this post, we'll revisit how the Flashback incident unfolded and how it changed the security landscape forever. What…

Switching to 5G? Know Your Integrated Security Controls

5G is a big leap in mobile technology. It presents enterprises and service providers with capabilities for advanced applications, content delivery and digital engagement anywhere. It enables businesses with new use cases and integrated security needs to have a trusted network and application/data delivery function. How does one build a secure 5G network that provides the level of trust required by users today and in the future? The Benefits of 5G 5G's new use cases come from: Customized network slices…

IAM Secures the New, Perimeter-less Reality

Necessity may be the mother of invention, and it also drives change. To remain competitive in 2021, companies had to transform rapidly. Today, many of us work from home. Remote and hybrid work models have become the new normal. But what about security? In one recent survey, 70% of office workers admitted to using their work devices for personal tasks, while 69% used personal laptops or printers for work. Also, 30% of remote workers let someone else use their work…

Will the Metaverse Usher in a Universe of Security Challenges?

How much do you know about the metaverse? Everyone started talking about the metaverse in the summer of 2021. Facebook CEO Mark Zuckerberg kicked it off with his plan to focus his company on building what he imagined would be the future of social, business, leisure and culture: the metaverse. He even changed the name of his company from Facebook to Meta. Since then, the chatter about the coming changes has been loud. Silicon Valley, the global tech industry, the…