{"id":104,"date":"2022-11-12T03:40:20","date_gmt":"2022-11-12T03:40:20","guid":{"rendered":"https:\/\/live.21lab.co\/itlab\/?p=104"},"modified":"2022-11-12T03:46:37","modified_gmt":"2022-11-12T03:46:37","slug":"endpoint-security-and-cloud-architecture","status":"publish","type":"post","link":"https:\/\/live.21lab.co\/itlab\/endpoint-security-and-cloud-architecture\/","title":{"rendered":"Endpoint security and cloud architecture"},"content":{"rendered":"\n<p class=\"has-medium-font-size\"><strong>Hackers love endpoints\u2014those end-user devices that connect to your enterprise network. With a little ingenuity, bad actors (outside or inside your organization) can access sensitive data through employees\u2019 laptops and smartphones, the office security cameras, printers, and a host of other entry points.<\/strong><\/p>\n\n\n\n<p class=\"has-drop-cap\">Endpoint security protects your enterprise resources by safeguarding these end-user devices from breach or physical theft. But many organizations are asking how cloud computing fits into the equation. In this brief interview, Pluralsight instructor Terumi Laskowsky (TL) walks through the considerations and responds to frequently asked questions.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How has endpoint security changed in the era of cloud?<\/h2>\n\n\n\n<p>TL: A decade ago, organizations typically limited the type of end-user devices that could connect to the corporate network, which gave IT professionals significant control over device security.<\/p>\n\n\n\n<p>In contrast, cloud involves broad network access, and the possible devices that can access the cloud are growing exponentially and more geographically distributed.<\/p>\n\n\n\n<p>Gone are the days where equipment lived primarily on a corporate campus, accessed through highly secure VPN connections. 
Today\u2019s devices often access the corporate network via the cloud, without this enhanced scrutiny in place.<\/p>\n\n\n\n<p>Many enterprises utilize a hybrid deployment model where the cloud is an extension of on-premises infrastructure. This requires security professionals to consider an ever-growing assortment of endpoint devices, which all represent potential attack vectors and require risk management strategies to protect corporate resources and data.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How do you protect endpoints?<\/h2>\n\n\n\n<p>TL: First, it\u2019s important to recognize that a device can be an attacker or a victim. So, you have to plan for both scenarios. How do you protect a device from a cyber attack? And how do you protect your corporate resources against a compromised device?<\/p>\n\n\n\n<p>You can install an endpoint security solution in a device and control its behavior using an organizational security policy. For example, to protect against data leakage from these devices, the security policy could prohibit using USB sticks. Here\u2019s another example: You could enforce whole-disk encryption in case someone loses their end-user devices. This is easier to do if your organization owns and manages the devices.<\/p>\n\n\n\n<p>However, many employers allow personally owned devices to connect to the corporate infrastructure, especially from the cloud. This complicates the matter. If you allow your company to install an agent on your phone, who has control over your phone? How about your private data on the phone? Is your privacy protected? 
Organizations need to think through and resolve these questions.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What should an endpoint protection strategy include?<\/h2>\n\n\n\n<p>TL: Organizations need to catalog all devices that access corporate resources\u2014from computers and smartphones to IoT devices such as fire alarms, thermostats, the sensors where employees swipe their badges to gain access to your building, and an ever-growing assortment of smart technology.<\/p>\n\n\n\n<p>Anything that connects to your corporate resources can be a point of entry for a cyberattacker. This means you need a process for constantly updating your inventory of endpoint devices and managing each via an endpoint security corporate policy.<\/p>\n\n\n\n<p>Your strategy also needs to identify who owns the responsibility for maintaining the security of each endpoint device. In some cases, the answer is IT. In other cases, you\u2019ll need a formal shared responsibility agreement. For example, your facilities team maintains your thermostats. What aspects of security will they be responsible for? And what will IT handle?<\/p>\n\n\n\n<p>This can\u2019t just be an exercise on paper\u2014a document that sits on a shelf and collects dust. When there\u2019s shared responsibility, both parties need to formally acknowledge they understand their role. And you need an oversight process that periodically audits security for each of the endpoint devices.<\/p>\n\n\n\n<p>When organizations don\u2019t plan for shared responsibility, security can fall through the cracks.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Actor Henry Winkler said, \u201cAssumptions are the termites of relationships.\u201d In my opinion, they also are the termites of cybersecurity. A good endpoint security policy clearly articulates who is responsible for the security of each device so there are no assumptions or oversights.<\/p>\n<cite>T. 
Laskowsky<\/cite><\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">How does the cloud deployment model affect endpoint security?<\/h2>\n\n\n\n<p>TL: Here\u2019s a rule of thumb to consider when planning your cloud strategy:<br>Complexity increases overall security risk\u00a0and complicates endpoint security planning.<\/p>\n\n\n\n<p>If 100% of your corporate resources live in a private cloud (single tenant = you), your endpoint security planning is easier than with a multi-tenant public cloud.<\/p>\n\n\n\n<p>When you have part of your corporate resources in one spot\u2014say, an on-prem data center\u2014and the rest with a public cloud provider (a hybrid cloud approach), you need security planning for both sets of resources. The complexity of connecting the two increases the risk of security vulnerabilities. Same with\u00a0multicloud, where you\u2019re utilizing two or more public cloud providers.<\/p>\n\n\n\n<p>Each of these models requires a different level of effort to manage security risk.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What are endpoint security best practices when the cloud is involved?<\/h2>\n\n\n\n<p>TL: Applying security controls to the endpoint is just one step. Organizations must also apply security controls to the critical resources, such as network, database, email systems, to detect and neutralize insider threats.<\/p>\n\n\n\n<p>Second, corporations must beef up their detection of malicious behavior patterns in their infrastructure. This will help them respond to threats faster and isolate the internal threat agent quickly. This response can also update the security policy to enhance the security of all endpoint devices\u2014features normally part of endpoint detection and response (EDR) solutions.<\/p>\n\n\n\n<p>Third, have strong ingress (protection from incoming attacks from endpoints on the Internet) and egress (protection from exfiltration of data from the corporate network) filters. 
The best move: pair egress filtering, also known as DLP (data loss prevention) solutions, with endpoint security.<\/p>\n\n\n\n<p>Fourth, apply attribute-based access control so that if an end user is connecting using an approved device with endpoint protection implemented from an approved location (i.e., attributes), they\u2019re given greater access compared to those accessing the Internet using non-standard devices.<\/p>\n\n\n\n<p>And finally, continue to use traditional protection of the endpoint itself if possible. We\u2019re talking solutions such as strong encryption, anti-malware detection, host-based firewall, host-based intrusion detection and prevention, and remote-wiping capability.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How do cloud providers help with endpoint security?<\/h2>\n\n\n\n<p>TL: Your stakeholders entrust you to protect their data. So, you need to own your security plan. While major cloud providers offer various endpoint security solutions, it\u2019s vital to think of\u00a0cloud security as a shared responsibility\u00a0managed by you. Your organization\u2019s reputation is on the line. You have bottom-line responsibility for security.<\/p>\n\n\n\n<p class=\"has-small-font-size\">Via: https:\/\/www.pluralsight.com\/<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers love endpoints\u2014those end-user devices that connect to your enterprise network. With a little ingenuity, bad actors (outside or inside your organization) can access sensitive data through employees\u2019 laptops and smartphones, the office security cameras, printers, and a host of other entry points. 
Endpoint security protects your enterprise resources by safeguarding these end-user devices from [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":107,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[29],"tags":[39,28,23],"class_list":["post-104","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-cloud","tag-cybersecurity","tag-technology"],"acf":[],"_links":{"self":[{"href":"https:\/\/live.21lab.co\/itlab\/wp-json\/wp\/v2\/posts\/104","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/live.21lab.co\/itlab\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/live.21lab.co\/itlab\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/live.21lab.co\/itlab\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/live.21lab.co\/itlab\/wp-json\/wp\/v2\/comments?post=104"}],"version-history":[{"count":1,"href":"https:\/\/live.21lab.co\/itlab\/wp-json\/wp\/v2\/posts\/104\/revisions"}],"predecessor-version":[{"id":105,"href":"https:\/\/live.21lab.co\/itlab\/wp-json\/wp\/v2\/posts\/104\/revisions\/105"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/live.21lab.co\/itlab\/wp-json\/wp\/v2\/media\/107"}],"wp:attachment":[{"href":"https:\/\/live.21lab.co\/itlab\/wp-json\/wp\/v2\/media?parent=104"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/live.21lab.co\/itlab\/wp-json\/wp\/v2\/categories?post=104"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/live.21lab.co\/itlab\/wp-json\/wp\/v2\/tags?post=104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}