Endpoint Security Extends to the Cloud

The notion and definition of endpoints have evolved with the increased adoption of cloud computing and the virtualization of IT resources. Not long ago, endpoint security was only about securing the devices connected to an enterprise network. The increased use of personal devices at work introduced another acronym – BYOD (Bring Your Own Device). But today, as almost every device is connected to the cloud, to consume cloud services, the fundamental thinking about endpoint security changes; it certainly extends to the cloud, and that needs to be an important consideration when formulating endpoint security policy. Here are five reasons to support this statement.

By Brian Pereira, Principal Editor, CISO MAG

1. It’s a two-way street – The threats to IT infrastructure could come from the endpoints. A device with out-of-date software or no antimalware, and a careless user could open a can of “worms” that could crawl back to the private or public cloud (upstream) and then spread laterally, infecting other devices on the network. But the threat could also come from the Internet itself. A compromised service, malicious scripts, cross-site scripting, misconfigured S3 buckets that may have been infected; poorly configured cloud resources – could all infect the endpoint (downstream). Both the cloud service/resource owner and the endpoint user/administrator are equally responsible for securing the endpoints.

2. CASB – Cloud Access Security Broker is the way to ensure proper security in both directions (upstream and downstream). It is a software that acts as an intermediary between users and cloud service providers. McAfee, a pioneer in CASB technology, says CASB allows an organization to extend its security policy from on-premise infrastructure to the cloud — and create new policies for cloud-specific context. This includes SaaS, IaaS, and PaaS environments across public, private, and hybrid clouds.

3. Now even the Cloud has endpoints – Before cloud, we had physical resources like servers, storage, networking switches, and clients (PCs and Workstations) and we had to secure them. But today, resources are abstracted; we have virtual equivalents. For instance, physical network interface cards (NICs) on physical servers and nodes today have VNICs (virtual NICs) in the cloud. These are logical instances. Likewise, we have virtual switches vs. physical network switches. And APIs vs. cables, and physical connectors. Welcome to the Virtual world! These virtualized resources are on virtual networks in virtual private clouds. And these networks are organized into subnets. So you could have virtual instances (virtual machines), load balancers, storage, network connectivity within a subnet. A subnet is secured through ACLs (Access Control Lists) that defines who or what is allowed to access resources within that subnet. So, it boils down to good configuration. And that’s where managed endpoint security services come in.

4. The cloud is getting decentralized – With the advent of the pandemic, workforces became decentralized. IT infrastructure also had to keep up because it was not easy to administer distributed endpoints (outside the corporate perimeter) using traditional IT administration. So, the cloud began to get decentralized. The endpoint devices are now getting virtualized (VDI) to ensure better security and control for distributed (work from home) users. For years, organizations have been using VPNs to ensure secure communication between remote endpoints and the corporate network

5. Edge computing – In the years ahead we will see applications that demand real-time processing (closer to the endpoint or on the endpoint itself). The cloud will extend back into the enterprise. The endpoints will be connected to the cloud through high-speed connectivity like 5G. So, endpoint security will once again be redefined.

Conclusion

Over the years, endpoint protection has evolved from prevention (antivirus, data encryption, intrusion prevention, data loss prevention) to detection and response (EDR). So we now have various types of endpoint security and endpoint security tools and endpoint services. Moving into the future, with the proliferation of edge computing and high-speed connectivity, the cloud and the endpoints will be viewed as one seamless infrastructure. The focus will shift from securing endpoints to securing “workloads” and infrastructure. It would be “intrinsic” security with analytics and predictive capabilities. The industry acquisitions (notably VMware’s acquisition of endpoint security vendor Carbon Black²) are testimony to that – with billions of dollars spent on these acquisitions.

---