Endpoint security and cloud security were once separate disciplines, but as those technologies have converged, so have the requirements and solutions for protecting endpoints in the cloud. Treating them separately worked well when all employees worked on site at their computers during fixed hours. However, once competition, ever-escalating IT costs, and customer demand made 24x7 availability a necessity, organizations responded by embracing more open, affordable, and accessible IT, including cloud computing.
To remain competitive and responsive, most modern organizations have migrated to some form of decentralized cloud computing to access data and apps anytime, anywhere, and, frequently, from any device. This last item of cloud convenience and utility—any endpoint device—complicates cloud security for many reasons, including:
- A growing and evolving list of endpoint devices accessing the cloud. Mobility in the workforce began with laptops, but now includes an array of tablets and smartphones. Especially when considering the growth of the internet of things (IoT), the list of devices and their vulnerabilities is growing.
- Lack of knowledge of the state or contents of bring-your-own-device (BYOD) endpoints. The contents of each BYOD device that is granted cloud access for work may be a complete mystery to IT. What data, apps, and potential security threats lurk on all those connected devices?
- Management and monitoring of endpoint access and behavior. Even if an organization’s security policy dictates an approved list of devices and installed applications, proactive management and monitoring of endpoint access, behavior, and app maintenance is difficult to enforce without the right tools. Organizations need to consider how they can extend their security coverage to monitor both endpoint access and endpoint behavior.
The difficulty of protecting this growing number of endpoints is reflected in a recent analyst survey of IT professionals, which found that “64% of external cyberattacks in 2016 targeted a corporate-owned and employee-owned mobile device.”1
Endpoint protection challenges in public, private, and hybrid clouds
A further endpoint security challenge in cloud computing is that endpoint cloud security threats are a two-way street. Threats can originate at the endpoint to attack the cloud, or cloud-based threats can attack vulnerable endpoints. The nature of threats may vary depending on the cloud infrastructure an organization uses (e.g., public, private, or hybrid clouds), and how users access them with their devices. Endpoint protection, therefore, needs to address its connection to public, private, and hybrid cloud architectures.
Endpoint private cloud security
At first glance, endpoints accessing private clouds may seem far less vulnerable to threats than other cloud architectures. After all, the cloud is entirely within the organization’s control—either on site or in a private data center. With private cloud security, however, endpoints introduce the following primary threat vectors:
- In an insider attack, a malicious employee or network guest purposely initiates a cyberattack on the organization, or a connected endpoint inadvertently unleashes a stealth attack from hidden code, a URL, or an embedded command. Typical examples are spear phishing attacks, in which a targeted, credible-looking email launches malicious code. In other cases a disgruntled employee may steal, delete, or destroy data.
- Non-compliance liabilities can occur when endpoint controls are not properly configured, and data privacy—prescribed by law or regulation—is compromised by allowing unauthorized access to information on a private cloud. Security compliance audits, often mandated by regulation, can reveal these non-compliance issues, putting organizations at risk of heavy fines, penalties, and potential lawsuits.
- Data theft or leakage occurs when intellectual property, an organization’s critical data, or security controls are leaked to an outside source, most often by malicious bots hidden within systems and introduced by an unsecured endpoint. Typical attack vehicles include user USB drives, infected files, or users accessing infected websites. However, theft can be as simple as a malicious user copying, or cutting and pasting, data.
Lastly, an organization must determine how its private cloud security interoperates with other corporate data and workloads outside the private cloud. If any data is shared or exchanged, as in many hybrid cloud architectures, additional measures need to be implemented, including integrating endpoint security management with security tools used for the cloud.
Endpoint hybrid cloud security
Hybrid cloud gives organizations the control of on-site private cloud for critical data, yet the scalability and affordability of public cloud for flexible storage, compute capacity, and application development. Therefore, endpoints interacting with a hybrid cloud are susceptible to all the attack vectors of private clouds. Moreover, as hybrid clouds work with both private cloud components and public cloud resources, organizations must also consider attacks and vulnerabilities that their public cloud integration introduces. Hybrid cloud security concerns include:
- Malware and viruses infecting endpoints. Here, an attacker or malware gains access through the public cloud, then moves laterally to endpoints and potentially to private cloud resources. One infected endpoint can also spread malware to other client machines.
- Security “holes” and compliance gaps. These can occur due to a lack of central management tools and no security visibility across the organization.
- API vulnerabilities. Because hybrid cloud often requires custom integration, especially for home-grown applications operating across cloud workloads, unprotected APIs become a soft attack surface.
Therefore, hybrid cloud security is challenging from an endpoint protection standpoint, especially when public-private cloud integration is customized and includes a variety of vendors and applications.
Endpoint public cloud security
Public cloud is highly scalable and inexpensive, yet vulnerable to attacks that lie outside an organization’s reach or visibility. In most public cloud environments, the cloud service provider (CSP) is responsible for providing security only within its cloud. The customer organization is responsible for the security of what it puts in the cloud, and for which endpoints can access it. Therefore, endpoints are susceptible to all the cloud security issues of private and hybrid clouds, and many more when using public cloud infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS) architectures.
In most organizations, users (and their endpoint devices) rely on multiple public cloud-based applications (IaaS/PaaS/SaaS), such as Office 365, Salesforce.com, Dropbox, and many more. Each poses potential risks, and each public cloud platform or service may have its own unique security requirements. Integrating and reconciling all these vendor-specific public cloud security requirements, and ensuring they are configured for all endpoints, can be tedious and complex.
In response to the proliferation of public cloud services, cloud access security brokers (CASBs) have developed products to specifically ensure end-to-end security and monitoring to protect endpoints and data in these multi-cloud environments. McAfee MVISION Cloud protects and monitors end user access to multiple popular cloud services, secures sensitive data with cloud applications, and provides protection for cloud applications developed within IaaS platforms like Amazon Web Services (AWS) or Microsoft Azure.
Managing endpoint cloud security
Organizations quickly find that effectively implementing and managing all aspects of endpoint security across multiple clouds requires centralized control, visibility, and monitoring. For these reasons, endpoint security management and governance through a single point of control is necessary in more complex cloud environments. Using a centralized endpoint management solution allows organizations to set policies controlling access and storage, and to closely monitor endpoint behavior. Each of these is critical to stopping attacks and preventing unauthorized data access.
With central governance and control, extensive endpoint coverage, and a well-planned endpoint security policy for guidance, organizations have the means to dramatically reduce risk to not only their endpoint user devices but the entire IT infrastructure.
1 Forrester Data Global Business Technologies Security Survey, 2017.