Endpoint Protection in the Cloud Era

By Lee Gitzes

Over the last several years there has been a major paradigm shift to a cloud computing model for enterprise computing. This new model has allowed a level of service, availability and scale that has never been seen before. As organizations have made the shift, many of the traditional management and security models have been upended, and what used to work no longer does. Today, in 2015, virtually all organizations have some form of cloud application, platform or infrastructure service deployed to their end users. Other, more aggressive organizations are living almost entirely on a cloud delivery model.

As the shift has occurred, momentum has built for the mobile teleworker to be not just more commonplace but the norm. Many cloud services and delivery models are also platform agnostic, requiring only a web browser or lightweight app to run. As a result, IT has been faced with the new challenge of protecting endpoints that span diverse platforms. Additionally, these mobile endpoints may go for extended periods of time without needing a connection to the enterprise network to consume resources, creating a new challenge in gaining access to manage those users.

In the pre-cloud days, remote users could be managed over a VPN connection just as they would be if the endpoint were directly connected to the LAN from a local corporate connection. By configuring user endpoints to use a full VPN tunnel to connect, all traffic, including traffic intended for the internet, would traverse the same network and resources as local devices. This meant that the traffic would also be subject to the same security measures as internal resources, from entry to egress. At that time, there were fewer remote users and there was an expectation that performance might be degraded when connecting remotely.

Today, expectations are different. While backhauling remote users through a VPN would still be feasible, the increased bandwidth demands, coupled with higher performance requirements and expectations, would make it impractical to backhaul internet traffic through the corporate egress. Furthermore, one of the key benefits of the cloud is that traffic and resource demands are reduced by outsourcing computing services. If we bring all of the traffic back to the central infrastructure, we are defeating that purpose in many ways.

From a security standpoint, the cloud reduces risk by diminishing the need to connect to the enterprise network. In today’s computing world, the endpoint is the number one entry point for malicious code into the corporate network. Obviously, the fewer users that connect to a network, the lower the risk of compromise. Endpoints connect less, and in many environments, barely at all. But the fact is, regardless of the environment, there is still a need for endpoints to connect to the enterprise network. With that need come many risks if a compromised endpoint accesses enterprise resources.

However, the fact that users aren’t connecting is often a double-edged sword when it comes to prevention and mitigation of malware. Implementing cloud computing reduces the opportunity for malware to infect an environment, but not connecting to the enterprise infrastructure also means that traditional methods for visibility, management and enforcement of security are obsolete.

So how do we protect endpoints that barely connect to the network? The answer, although obvious, is often overlooked. Leveraging the cloud is the key to protecting end users and endpoints in the cloud-connected world. There are a multitude of services today dedicated to providing full-service user and endpoint protection that are deployed and managed from the cloud. These services range from hosted proxies to cloud-based endpoint security. In most cases with endpoint security, as with all enterprise computing, a hybrid approach is generally the best. Many of the leading endpoint vendors today provide cloud services to augment or complement their traditional enterprise offerings. In other cases, there is API integration between cloud-only services and on-premise solutions that allows for a complete solution.

In today’s diverse world, every environment, architecture, cloud adoption rate and budget is different. Thus, all use cases and requirements are different. The key to being successful is to fully evaluate all of the risks associated with your specific environment. Understanding what assets exist and what level of protection each requires is the critical component in ensuring that the solution deployed will satisfy your diverse needs.