Think Prevention Instead of Reaction in Endpoint Security

July 19, 2024
Emerging threats like GenAI require modern security prevention approaches and a new strategy.

Cloud usage has evolved from enterprises debating the benefits and costs of cloud migration to a ‘cloud first’ approach in which SaaS, DaaS and VDI adoptions are driving investment in public and private cloud technologies. Gartner expects more than half of IT spending will focus on the cloud by 2025. Along with this transition to a cloud-based, hybrid work world comes the need to reevaluate and implement security strategies that more closely align with modern work methods.

From the earliest days of anti-virus to today’s multiple layers of security solutions required to protect against a continuously evolving threat landscape, we have depended on ineffective, incomplete solutions that rely on a highly reactive model of monitor, detect, and remediate. With a cloud-native approach, however, we can rethink the current endpoint security model: as demanding workloads shift from the endpoint to SaaS apps, DaaS or VDI environments, we can move to a secure-by-design approach. This mitigates the current ineffective posture and moves us toward prevention instead of a reactive response after an incident.

AI Adds to the Threat Landscape

Among emerging threats, generative AI (GenAI) is now on the radar, according to a Barracuda-Ponemon Institute survey of IT practitioners, 50% of whom are alarmed over hackers using GenAI technology “to increase the volume, sophistication, and effectiveness of their attacks.” The report also notes that only 39% believe their security infrastructure can adequately protect against GenAI-powered security attacks.

Another research report by Barracuda analyzed 175 publicly reported successful ransomware attacks from August 2022 to July 2023, and in three categories — municipalities, healthcare and education — the number of reported attacks more than quadrupled since 2021.

Successful attacks cost time and money. As cyber criminals become more sophisticated, Barracuda reports it takes only 6 hours for a technically proficient hacker to exploit a vulnerability vs. 427 hours IT teams spend responding to successful breaches.

A Preventative Gameplan

Emerging threats like GenAI require modern security prevention approaches and a new strategy. We must rethink the endpoint since it remains a primary attack vector and the entry point for user-initiated exploitation. This requires adjusting the endpoint security model to one that fully enforces the principle of least privilege, has only the necessary software deployed and has no persistent data across sessions.

This significantly reduces the attack surface and limits many of the common vulnerabilities that are normally exploited. Immediately we remove the opportunity for ransomware and malware – the most prevalent attacks – to be effective attack vectors at the endpoint. The objective is to proactively make it as difficult as possible for an attack to succeed by reducing both the likelihood and the impact of any single event.

Zero Trust is an essential part of the modern framework upon which IT security strategies will be built and against which they will be measured in the future. Zero Trust shows us that there are key areas to focus on in this “never trust, always verify” approach. With a large security landscape for IT teams to cover, removing one of the largest and most costly areas from the to-do list, the endpoints, allows us to do more with less and take a proactive stance.

A read-only operating system is an important part of this defense. It prevents the OS from being infected by ransomware and malware, or from being compromised through exploits of vulnerabilities in the system. IT security staff will also want to ensure that, on reboot, the OS runs integrity checks to flag any anomalies and automatically resets to a known good state.
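The boot-time integrity check described above, as an added example that is not code from the article or from IGEL: a manifest of SHA-256 digests is taken from a known-good image, and on each start the live tree is hashed again so that modified, missing or unexpected files can be flagged before the device is reset to the known-good state. The directory tree, file names and contents are constructed stand-ins for an OS image.

```python
# Added example (not from the article): manifest-based integrity check of
# an OS tree against a known-good baseline, as a read-only OS might run on boot.
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map each file (path relative to root, POSIX form) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def verify_tree(root: Path, baseline: dict) -> dict:
    """Compare the live tree with the baseline and return the anomalies found.

    Any non-empty list means the tree has drifted from the known-good state
    and the device should be flagged and reset rather than trusted.
    """
    live = build_manifest(root)
    return {
        "modified": sorted(p for p in baseline if p in live and live[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in live),
        "unexpected": sorted(p for p in live if p not in baseline),
    }


def demo() -> dict:
    """Constructed scenario: known-good image, simulated tampering, then the check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "login").write_bytes(b"good login binary")
        (root / "etc").mkdir()
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = build_manifest(root)  # digests captured from the good image

        # Simulated drift: one binary replaced and one file added for persistence.
        (root / "bin" / "login").write_bytes(b"replaced login binary")
        (root / "etc" / "persist.sh").write_text("#!/bin/sh\n")
        return verify_tree(root, baseline)


if __name__ == "__main__":
    print(demo())
```

In a real deployment the baseline would be signed and stored outside the writable area, so that a tampered tree cannot also rewrite the manifest it is checked against.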

Data exfiltration is another threat to defend against. Unauthorized copying and transfer of data to the internet from a device is a common vehicle with which ransomware demands are made. Millions of people, and multiple government organizations have been affected by data exfiltration breaches, many through healthcare or financial data being leaked.

Many exfiltrations occur when data has been downloaded to an endpoint or a connected drive by the user. Once this data is resident on the endpoint, it becomes a viable target for attackers to exfiltrate easily. This could be in the form of a downloaded file, screenshots or cached files. The way to prevent this is by ensuring that the OS does not permit users to store data locally on their endpoint device. The OS must also control external drives, which can serve as the path to exfiltration.

The Complete Picture

There’s no shortage of new approaches to security today. Businesses are clearly recognizing the need for change. A thorough preventative defense includes secure access service edge (SASE), Zero Trust and multi-factor authentication (MFA).

SASE solutions address the multi-device, multi-location environment, enabling remote systems and devices to access applications where they are, without the inconvenience of routing security checks through a legacy datacenter or private network. Key elements of SASE include SD-WAN and Zero Trust Network Access (ZTNA).

Zero Trust, supported by a secure, encrypted OS, continues to gain favor to add another layer of secure access as users travel throughout cloud-native applications and device locations. As Zero Trust shows us, every area in our architecture is critical. The endpoint must tie into the security measures that are required for ZT across the board. These include the identity, the networking, and the application workloads.

At the endpoint, a secure OS can also integrate federation-based single sign-on (SSO) and MFA tools to further contribute to a strong defense, while supporting the needs of the mobile/hybrid workforce. Regardless of the endpoint hardware device, a person can access their virtual desktops and applications using stronger authentication such as FIDO2 hardware devices, avoiding the hassle of passwords.

For employees who travel regularly among devices and locations, it is a great productivity benefit as well as another defense tactic. MFA supports Zero Trust by adding more factors of identity confirmation prior to resource access.

While we as an industry are spending a good deal of time adding in security layers, thinking a little differently at the endpoint (and about what the endpoint needs in the cloud-first world) and eliminating the most common attack vectors there is a suitable place to start. To paraphrase: I’ve got ninety-nine problems, but the endpoint isn’t one.

Moving to a Preventative Approach

All organizations are impacted by the effects of lack of prevention: loss of personal data creating expensive data breaches, reputational damage, and loss of business productivity. The heavily regulated financial services industry, held accountable for securing sensitive financial data, is seeking preventative security solutions for that purpose.

A model example is COCC, an organization on the front lines of helping clients better manage and protect data. COCC, a Connecticut-based provider of technology solutions for community banks and credit unions, knows its clients face a balancing act. They must adopt innovative technology solutions that streamline processes, enhance security, simplify operations, and improve user experience, all while managing with limited technical and financial resources.

To improve security and endpoint management, COCC deployed a unified platform that could securely manage and automate delivery of digital workspaces from any cloud and provide granular endpoint control. It also improved security by separating the OS from the application layer, eliminating the risk of data stored on a device being hacked. Combined with backend capabilities from companies like VMware, COCC was able to enhance security and centralize management for its clients, saving its clients the costs of investing in their own hardware or IT resources.

COCC is on the right track, being strategic about the budget to meet client needs, and rethinking the endpoint from a preventative viewpoint. From this foundation, organizations can layer on Zero Trust, secure edge access, MFA and single sign-on to further block the changing, sophisticated universe of threats.

About the Author

Jason Mafera

Jason Mafera is field CTO, North America for IGEL. He comes to IGEL with more than 20 years of experience in the delivery of cybersecurity-focused enterprise and SaaS solution offerings and has worked for a broad range of companies from start-ups and pre-IPO organizations to public and privately backed firms.

Prior to joining IGEL in October 2022, Mafera served as Head of Product and then Vice President of Sales Engineering and Customer Success for Tausight, an early-stage startup and provider of healthcare software focused on delivering real-time intelligence for securing and reducing compromise of electronic Personal Health Information (ePHI) at the edge. Before that, he held a succession of leadership roles with digital identity provider Imprivata. Mafera spent 12 years at Imprivata, first defining and driving to market the OneSign Authentication Management and VDA solutions, then leading the Office of the CTO.

Early in his career, he was a systems engineer and later product manager at RSA, The Security Division of EMC.