researchHQ’s Key Takeaways:
- Companies lack visibility over a growing number of endpoint devices at their network perimeter, making endpoint security a pressing priority.
- Common security risks in private cloud environments include insider attacks, non-compliance liabilities, and data theft and leakage.
- Security concerns in hybrid cloud environments include malware infecting endpoints, security "holes" and compliance gaps, and API vulnerabilities.
- Public cloud environments are exposed to attacks that originate outside the organization's reach or visibility; a cloud access security broker (CASB), which places a policy enforcement point between users and cloud services, can mitigate much of this.
- A centralized endpoint security management solution lets companies set policies that control access and data storage, and closely monitor endpoint behavior, to prevent attacks and unauthorized access.
Endpoint security and cloud security were once separate disciplines, but as the technologies have converged, so have the requirements and solutions for protecting endpoints in the cloud. Treating them separately worked well when all employees worked on site, at their own computers, during set hours. Once competition, ever-escalating IT costs, and customer demand made 24×7 availability a necessity, organizations responded by embracing more open, affordable, and accessible IT, including cloud computing.
To remain competitive and responsive, most modern organizations have migrated to some form of decentralized cloud computing to access data and apps anytime, anywhere and, increasingly, from any device. That last convenience, any endpoint device, complicates cloud security for several reasons, including:
- A growing and evolving list of endpoint devices accessing the cloud. Workforce mobility began with laptops but now includes an array of tablets and smartphones, and with the growth of the internet of things (IoT) the list of devices, and of their vulnerabilities, keeps growing.
- Lack of knowledge of the state or contents of bring-your-own-device (BYOD) endpoints. The contents of each BYOD device that is granted cloud access for work may be a complete mystery to IT: what data, apps, and potential security threats are on all those connected devices?
- Management and monitoring of endpoint access and behavior. Even if an organization's security policy dictates an approved list of devices and installed applications, proactively managing and monitoring endpoint access, behavior, and application maintenance is difficult to enforce without the right tools. Organizations need to consider how to extend their security controls to cover endpoint access and behavior.
The scale of the problem is reflected in a recent analyst survey of IT professionals, which found that "64% of external cyberattacks in 2016 targeted a corporate-owned and employee-owned mobile device."1
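The third challenge above, enforcing an approved list of devices and applications at connection time, is what a centralized endpoint management or CASB-style control point does in practice. The Python below is an added illustration written for this page, not code from researchHQ or from any product: it models a device-posture gate that checks an endpoint against an approved inventory, a minimum OS version, disk encryption, a running endpoint agent, and an application allowlist, and reports every failed check rather than only the first. The inventory, thresholds, field names, and sample device records are constructed assumptions.

```python
"""Device-posture gate for cloud access.

Added illustrative example, not code from researchHQ or any vendor product.
It models the check a centralized endpoint management or CASB-style control
point applies before an endpoint may reach a cloud application: the device
must be on the approved inventory and registered to the presenting user,
report an acceptable posture (OS version, disk encryption, endpoint agent
running), and carry no applications outside the approved list. Inventory,
thresholds, field names and the sample device records are all constructed
assumptions for illustration.
"""
from dataclasses import dataclass, field

# Approved inventory: device identifier -> registered owner (assumed data).
APPROVED_DEVICES = {
    "LAP-0042": "alice",
    "LAP-0077": "bob",
    "PHN-0101": "carol",
}

# Approved applications (allowlist); anything else is reported.
APPROVED_APPS = {"mail-client", "browser", "vpn-client", "office-suite"}

# Minimum acceptable OS version/build per platform, as the agent reports it
# (assumed values; Windows uses a build number, the others a major version).
MIN_OS_VERSION = {"windows": 22631, "macos": 14, "ios": 17, "android": 14}


@dataclass
class Posture:
    """What an endpoint agent or MDM enrollment reports at connection time."""
    device_id: str
    user: str
    platform: str
    os_version: int
    disk_encrypted: bool
    agent_running: bool
    installed_apps: set[str] = field(default_factory=set)


@dataclass
class Decision:
    allow: bool
    reasons: list[str]  # every failed check, so all gaps are visible at once


def evaluate(p: Posture) -> Decision:
    """Apply every posture rule; deny if any fails."""
    reasons = []
    owner = APPROVED_DEVICES.get(p.device_id)
    if owner is None:
        reasons.append("device not in approved inventory")
    elif owner != p.user:
        # A known device presented by a different user is its own signal:
        # shared hardware, or a stolen device used with valid credentials.
        reasons.append(f"device registered to {owner}, presented by {p.user}")
    if p.platform not in MIN_OS_VERSION:
        reasons.append(f"unsupported platform {p.platform}")
    elif p.os_version < MIN_OS_VERSION[p.platform]:
        reasons.append(
            f"os version {p.os_version} below minimum {MIN_OS_VERSION[p.platform]}"
        )
    if not p.disk_encrypted:
        reasons.append("disk not encrypted")
    if not p.agent_running:
        reasons.append("endpoint agent not running")
    unknown = sorted(p.installed_apps - APPROVED_APPS)
    if unknown:
        reasons.append("unapproved apps: " + ", ".join(unknown))
    return Decision(allow=not reasons, reasons=reasons)


# Constructed sample postures: one compliant laptop, one out-of-date and
# unencrypted laptop with an unapproved app, a phone presented by someone
# other than its registered owner, and an unknown device with no agent.
SAMPLE = [
    Posture("LAP-0042", "alice", "windows", 22631, True, True, {"browser", "mail-client"}),
    Posture("LAP-0077", "bob", "windows", 19045, False, True, {"browser", "torrent-client"}),
    Posture("PHN-0101", "dave", "ios", 17, True, True, {"mail-client"}),
    Posture("UNKNOWN-1", "eve", "linux", 1, True, False, set()),
]


def gate_all(postures=SAMPLE) -> dict[str, Decision]:
    """Evaluate each posture; returns device_id -> Decision."""
    return {p.device_id: evaluate(p) for p in postures}


if __name__ == "__main__":
    for dev, d in gate_all().items():
        print(f"{dev}: {'ALLOW' if d.allow else 'DENY'} {'; '.join(d.reasons)}")
```

Two design choices matter here. The gate collects every failing rule instead of stopping at the first, because an operator triaging a denied device wants the full list of gaps, not one at a time; and a known device presented by a different user is treated as a distinct finding rather than folded into "unknown device", since that pattern points at shared or stolen hardware used with valid credentials. In a real deployment the posture record would come from the endpoint agent or MDM attestation rather than being constructed inline.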
Endpoint protection challenges in public, private, and hybrid clouds
A further endpoint security challenge in cloud computing is that threats travel in both directions: a compromised endpoint can be used to attack the cloud, and cloud-hosted threats can attack vulnerable endpoints. The nature of the threats varies with the cloud infrastructure an organization uses (public, private, or hybrid) and with how users access it from their devices. Endpoint protection therefore needs to address its connection to each of these architectures.
Endpoint private cloud security
At first glance, endpoints accessing private clouds may seem far less exposed than those accessing other cloud architectures: the cloud is entirely within the organization's control, either on site or in a private data center. Even so, endpoints introduce the following primary threat vectors into a private cloud:
- In an insider attack, a malicious employee or network guest deliberately launches an attack on the organization, or a connected endpoint inadvertently introduces one through hidden code, a malicious URL, or an embedded command. A typical example is spear phishing, in which a targeted, credible-looking email delivers malicious code. In other cases a disgruntled employee may steal, delete, or destroy data.
- Non-compliance liabilities arise when endpoint controls are misconfigured and data privacy, as prescribed by law or regulation, is compromised by unauthorized access to information on a private cloud. Security compliance audits, often mandated by regulation, can reveal these issues, exposing organizations to heavy fines, penalties, and potential lawsuits.
- Data theft or leakage occurs when intellectual property, an organization's critical data, or details of its security controls reach an outside party, most often through malware (including bots) introduced by an unsecured endpoint and hidden within systems. Typical vehicles include users' USB drives, infected files, and visits to infected websites. Theft can also be as simple as a malicious user copying, or cutting and pasting, data.