I'm in the Cloud so do I Really Need End-Point Security?
November 9, 2016
I once had a conversation with an interesting man who asked me the following question:
"Are you solving yesterday’s problems with tomorrow’s solutions, or tomorrow's problems with yesterday's solutions?..."
(Translation: I am not buying whatever you're selling.) This comment was aimed directly at IT security encompassing end-point and on-premise network security. But the question certainly made us think about this point some more.
Essentially, this person was insinuating that everyone is moving to the cloud, so who cares about on-premise IT security and compliance (end-points, networks, etc.)? With the advent of cloud apps and mobility, the argument goes, the weakest link is now really THE CLOUD.
This is a common misconception, but it is NOT 100% TRUE! Here are some reasons why...
1. End-to-End vs. Weakest link
In the fight against cyber hackers, an end-to-end security strategy is the best defense. Contrary to popular belief, end points and local networks are most often the weakest link in such a plan. There are several documented incidents in which hackers have gained access to end-point devices through unsecured apps or even just unsecured USB ports on a laptop. Remember DropSmack? For those of you who have not heard of this malware, DropSmack was a widely documented service (a few years ago) that exploited vulnerabilities in the popular Dropbox file sharing app. With DropSmack, hackers were able to steal information stored in the infected machine’s Dropbox folder. This is an important fact to consider, especially when many feel a false sense of security with apps and data in the cloud. In another instance, hackers gained access to PCs using something as simple as a USB thumb drive. By connecting an infected thumb drive to a USB port on a laptop, hackers were able to inject malware into the end-point device. The malware decoded keystrokes; this, coupled with information such as frequently visited websites, allowed hackers to gain control of cloud accounts. So, think again!
2. Any data is a treasure trove of information
A common fallacy is that if your data is stored in the cloud, your end-point devices don’t have any data worth stealing. Let me dispel this thought with a simple question. Many of us use email programs like Outlook, right? Have you ever wondered how you are able to access emails on your laptop even when you don’t have internet access? You guessed it. Your device keeps a local copy of the cloud data. Many applications share a similar feature, and therefore access to the end point allows access to the cached data. And this does not include any documents that you might be storing locally because you deem them not to be important. In a hacker’s mind, there is NO such thing as bad data!
3. Regulation demands it (SEC/FINRA, HIPAA…)
It’s no wonder that regulatory bodies have a very simple philosophy when it comes to cyber-security examinations. For instance, in the case of SEC/FINRA or HIPAA audits, a specific directive states that the examiner may ask a financial firm to produce the end-to-end data flow as well as the access patterns of information, including the identification of all networks and devices in the chain. Once this data is gathered, an attempt is made to identify the most vulnerable devices and networks. So whether you are using a cloud desktop, a physical desktop or just a mobile app, regulators want to see a comprehensive security plan for the end-point device, the network and the application. And, just to reiterate, Cloud Desktops or Terminal Services are NOT exempt!
4. NO substitute for smart and automated end-point and network monitoring
Don’t plan on redeploying your IT budgets to marketing just yet. Investing in tools to help identify end-point and network vulnerabilities is a good thing. Furthermore, signing up for a service to maintain a constant state of vigilance is the best thing you can do as a business user. Remember, hackers don’t sleep, and you cannot compete against persistent attacks by taking a spot-check approach. The potential losses in case of a breach event could be staggering compared to the proactive investment upfront. There is NO substitute for end-point and user behavioral analysis. Peace of mind and a state of elevated security is PRICELESS.
So, here is my answer. We are solving tomorrow's problems with tomorrow's solutions. Zero-day attacks and APTs are growing in the BYOD (bring your own device) and IoT (internet of things) world, and so is regulatory oversight. And end-points or access networks are NOT immune. So, stay vigilant! Stay cybersafe!