Is a security cloud service your best endpoint defense?
Cloud technologies often have a bad reputation when it comes to security, but that may be unfair. Is the cloud the best answer for securing the endpoints in your enterprise?
Cloud technologies often have a bad reputation when it comes to security. Many people are reluctant to store their sensitive data in a public cloud because they do not trust the cloud provider to provide adequate security. Unfortunately, what these people aren't considering is that all our technology usage involves trust: in the hardware vendors, the operating system providers, the application developers, and others. Singling out cloud providers for weak security is unfair, especially when using their services can actually help an organization improve its endpoint security by better securing sensitive data.
Three cloud approaches to endpoint security
Today there are numerous approaches to cloud that can help improve endpoint security. Here are three examples:
- Third-party encryption services for secure cloud-based file storage and sharing. Countless file storage and sharing providers, such as Dropbox, Google Drive, and Apple iCloud, store files in the public cloud in addition to or instead of storing the files on endpoints. Some of these providers strongly protect user files, while others either do not provide enough protection or retain access to encryption keys, thus granting insiders unauthorized access to customer data. As a result, many organizations choose to add third-party encryption services that provide strong protection for user files, but do so in a way that still allows easy use of file storage and sharing while preventing the storage provider from accessing the contents of the files.
- Cloud-based data backup services. These services allow user endpoints to back up their data files to a cloud-based service for future recovery operations, if needed. If an endpoint is lost, stolen, damaged, or otherwise inaccessible, its data is easily recoverable if it was copied to a cloud-based backup service. The use of such services can be fully automated so that they do not rely on users acting to initiate regular backups.
- Cloud-based password management utilities. Password management utilities securely store passwords on behalf of individual users. These utilities can generate and store complex random passwords that are unique for each account the user has, which minimizes the possibility of an attacker guessing or cracking passwords, as well as reusing a stolen user credential to access other accounts. With cloud-based password management utilities, a user’s passwords are available to that user no matter what device is being used, saving the user from having to manually synchronize stored passwords across devices.
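To make the password management point concrete, the Python below is an added example (not code from this article or from any particular product) that generates a unique random password for each account and flags accounts that share a password. The character-class policy, the 20-character default and all function names are assumptions made for the illustration.

```python
import math
import secrets
import string

# Assumed policy: every password must draw from all four character classes.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+")
ALPHABET = "".join(CLASSES)


def generate_password(length=20):
    """Return a random password containing at least one character per class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length=20):
    """Upper bound on guessing entropy of a uniformly random password."""
    return length * math.log2(len(ALPHABET))


def build_vault(accounts, length=20):
    """Generate a distinct password for every account name."""
    vault = {}
    for account in accounts:
        password = generate_password(length)
        # A collision is astronomically unlikely; regenerate rather than reuse.
        while password in vault.values():
            password = generate_password(length)
        vault[account] = password
    return vault


def find_reuse(vault):
    """Return groups of accounts that share one password (credential reuse)."""
    by_password = {}
    for account, password in vault.items():
        by_password.setdefault(password, []).append(account)
    return [sorted(names) for names in by_password.values() if len(names) > 1]
```

Running `find_reuse` over an exported set of existing credentials shows which accounts would fall together if one password were stolen.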
Before making the leap to an endpoint strategy
Before using any of these approaches, it is important to ensure that they are reasonably secure. For example, cloud-based security strategies must ensure that network communications between the endpoint and the cloud, as well as all sensitive data stored in the cloud, are encrypted. If such security measures are lacking, an attacker might easily be able to intercept communications or access stored data and steal passwords, sensitive files, and other information.
Another important security measure is multifactor authentication. Requiring its use is especially important for cloud-based password management utilities, but it strengthens the security of nearly any cloud-based resource when compared to using passwords only.
Finally, all passwords for these solutions (whether alone or part of multifactor authentication) should be strong and unique, and they should be changed periodically so as to limit reuse if they are compromised.
It's also important to be aware that while some cloud-based solutions can help improve endpoint security, they do not reduce the need for using standard endpoint security measures, such as endpoint security suites and antimalware protection. Protecting the endpoints through operating system and application hardening, vulnerability management, and other security controls is still a vital component of enterprise security.