Skip to main content

Endpoint Protection in the Cloud Era

November 17, 2015

Over the last several years there has been a major paradigm shift to a cloud computing model for enterprise computing. This new model has allowed a level of service, availability and scale that has never been seen before. As organizations have made the shift, many of the traditional management and security models have been upended and what used to work, no longer does. Today, in 2015, virtually all organizations have some form of cloud application, platform or infrastructure service deployed to their end users. Other more aggressive organizations are living almost entirely on a cloud delivery model.

As the shift has occurred, momentum has been driven for the mobile teleworker to not just be more commonplace but to be the norm. Many cloud services and delivery models are also platform agnostic, only requiring a web browser or light weight app to run. As a result, IT has been faced with new challenges of protecting endpoints that consist of diverse platforms. Additionally, these mobile endpoints may go for extended periods of time without requiring a connection to the enterprise network to consume resources, creating a new challenge for access to manage users.

In the pre-cloud days, remote users could be managed from a VPN connection as it would if the endpoint was directly connected to the LAN from a local corporate connection. By configuring user endpoints to use a full VPN tunnel to connect, all traffic, including traffic intended for the internet would traverse the same network and resources as local devices. This meant that the traffic would also be subject to the same security measures that internal resources would be subject to, from entry to egress. At that time, the amount of remote users was less and there was an expectation that performance may be degraded when connecting remotely.

Today, expectations are different. While backhauling remote users through a VPN would still be feasible, the increased bandwidth demands coupled with higher performance requirements and expectations would make it impractical to backhaul internet traffic through the corporate egress. Furthermore, one of the key benefits is that traffic and resource demands are reduced by outsourcing computing services. If we bring all of the traffic back to the central infrastructure we are defeating that purpose in many ways.

From a security standpoint, the cloud reduces risk by diminishing the need to connect to the enterprise network. In today’s computing world, the endpoint is the number one entry point for malicious code into the corporate network. Obviously, the fewer users that connect to a network, the lower the risk of compromise.  Endpoints connect less, and in many environments, barely at all. But the fact is, regardless of the environment, there is still a need for endpoints to connect to the enterprise network. With that need comes many risks if a compromised endpoint accesses enterprise resources.

However, the fact that users aren’t connecting is often a double edged sword when it comes to prevention and mitigation of malware. Reducing the opportunity for malware to infect an environment is created by implementing cloud computing, but not connecting to the enterprise infrastructure also means that traditional methods for visibility, management and enforcement of security are obsolete.

So how do we protect endpoints that barely connect to the network? The answer, although obvious, is often overlooked. Leveraging the cloud is the key to protecting end-users and endpoints in the cloud connected world. There are a multitude of services today that are dedicated to providing full service user and endpoint protection that are deployed and managed from the cloud. These services range from hosted proxies to cloud based endpoint security. In most cases with endpoint security, as with all enterprise computing, a hybrid approach is generally the best. Many of the leading endpoint vendors today provide cloud services to augment or compliment their traditional enterprise offerings. In other cases, there is API integration between cloud only services and on-premise solutions that allow for a complete solution.

In today’s diverse world environment, architecture and cloud adoption rate and budget is different. Thus all use-cases and requirements are different. The key to being successful is to fully evaluate all of the risks associated with your specific environment. Understanding what assets exist and what level of protection they each require is the critical component to ensuring that the solution deployed will satisfy your diverse needs.

Related Blogs

May 14, 2014

Reducing Risk in the Cloud: What You Should be Thinking About

A few years ago, companies were starting to explore what the cloud was, what it could do, and how it could save them money. Today, companies are adopt...

See Details

December 01, 2016

Cloud Networking... The Preferred Choice for The Future

As our universe becomes more robust and, its inhabitants become increasingly more aware of the stability of WAN, it is most certain that the future wi...

See Details

February 03, 2014

What is the Cloud?

The cloud, aka cloud computing, has many different colloquial definitions, all of which seem to be somewhat different depending on who you are talking...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

July 21, 2015

Data Security Solutions

Learn how we can help secure your date throughout its lifecycle.

See Details

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

July 21, 2015

Application Security Solutions

Learn how Optiv can help with web, email and application protection.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.