Best practices for endpoint security in the cloud

An endpoint security strategy is critical in any enterprise IT environment. For organizations with cloud deployments, however, those strategies can be especially complex.

Admins, for example, must consider the nuances of endpoint security in different cloud computing models, such as private, public, hybrid and multi-cloud. What’s more, due to an increase in remote work, the number of endpoint devices that connect to cloud resources has grown significantly. Security teams must account for a large and broad array of end-user devices as part of their IT protection strategy.

Fortunately, industry best practices and tools continue to evolve to specifically address endpoint security in the cloud.

From a security standpoint, endpoint devices have been worrisome since computer viruses were passed around on floppy disks. Antivirus software was the first type of endpoint protection. Security professionals discovered they could protect endpoints at the network perimeter via local antivirus software. Over time, this evolved into more modern endpoint protection platforms (EPPs) that support antivirus, firewall and encryption capabilities on each PC.

IT vendors then developed more sophisticated endpoint detection and response (EDR) platforms, such as Sophos Intercept X, SentinelOne Endpoint Protection Platform and CrowdSec. These platforms extend EPPs with tools for behavioral analytics, anomaly detection and streamlined updates. With these endpoint protection tools, IT admins could properly manage the security perimeter. Even when employees would connect to IT resources from home, they typically did so on a managed corporate laptop via a secured VPN.

The cloud has changed the endpoint protection market in two key ways. First, it provides a staging ground for new endpoint protection offerings. Second, it expands the security perimeter from the enterprise boundary to all devices connected to the cloud. Traditionally, security teams concentrated their efforts on the outer shell of their environment and strictly regulated the traffic flow from external parties to internal resources; security and hardening practices for internal endpoints were a lower priority.

“This model has been turned on its head, given the nature of public cloud computing,” said Bryan Harper, manager of Schellman & Co., an independent security and privacy compliance assessor. With the public cloud, admins should approach endpoint security under the assumption that all endpoint devices could be accessible to external parties, Harper said.

It’s also important to consider how cloud services potentially expand the attack surface. As the cloud becomes an extension of corporate infrastructure, there are additional avenues to enterprise resources from a greater number and variety of endpoint devices, said Terumi Laskowsky, cybersecurity instructor for DevelopIntelligence, a Pluralsight company and technology training service provider.

The first step to address these challenges and to ensure endpoint security in the cloud is to take an inventory of devices. “If you don’t know what you have, it is impossible to secure those endpoints,” Harper said. A cloud endpoint protection strategy should identify all endpoints that connect to corporate resources. PCs, smartphones and tablets are generally in this group, and they must be controllable via an endpoint security corporate policy. In addition, consider IoT devices, such as security cameras and network-connected printers, as these can also pose a risk, Laskowsky said. Have a clear understanding of which teams are responsible for the security of certain devices.
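One way to carry out the inventory step described above is to reconcile the asset inventory against records of which devices actually reached cloud resources. This is an added example, not part of the original article; the device IDs, field names and access records are constructed for illustration.

```python
from collections import defaultdict

# Constructed asset inventory (assumption): device ID -> type and owning team.
INVENTORY = {
    "LT-0012": {"type": "laptop", "owner_team": "IT Ops"},
    "PH-0450": {"type": "smartphone", "owner_team": "IT Ops"},
    "CAM-03": {"type": "iot-camera", "owner_team": None},
    "PRN-07": {"type": "iot-printer", "owner_team": "Facilities"},
}

# Constructed access records (assumption): (device ID, cloud resource reached).
ACCESS_LOG = [
    ("LT-0012", "storage"),
    ("PH-0450", "mail"),
    ("CAM-03", "storage"),
    ("TB-9999", "mail"),
    ("TB-9999", "storage"),
    ("lt-0012 ", "mail"),  # same laptop, logged with different case and padding
]


def normalize(device_id):
    """Canonical form so one device logged two ways is not counted twice."""
    return device_id.strip().upper()


def inventory_gaps(inventory, access_log):
    """Compare what is inventoried with what actually connected."""
    seen = defaultdict(set)
    for device_id, resource in access_log:
        seen[normalize(device_id)].add(resource)
    known = {normalize(d): meta for d, meta in inventory.items()}
    return {
        # Connected to corporate resources but absent from the inventory.
        "unknown": {d: sorted(r) for d, r in seen.items() if d not in known},
        # Inventoried, but no team is responsible for securing it.
        "no_owner": sorted(d for d, m in known.items() if not m.get("owner_team")),
        # Inventoried but never observed: stale record or a logging blind spot.
        "never_seen": sorted(d for d in known if d not in seen),
    }


if __name__ == "__main__":
    for finding, devices in inventory_gaps(INVENTORY, ACCESS_LOG).items():
        print(finding, devices)
```

Devices in the `unknown` bucket are the ones an endpoint policy cannot yet control, and `no_owner` surfaces the IoT ownership gap the paragraph warns about.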

Enjoyed this summary? Read the complete article at the source:

Continue at searchcloudcomputing.techtarget.com →

Yves Mulkers

Yves Mulkers is the founder of 7wData and a widely followed voice in the data and AI community. He curates the 7wData and AI Beat newsletters, reaching hundreds of thousands of data and AI professionals, and writes on data strategy, analytics, AI, and the evolving data ecosystem.