Privileged Identity Management (PIM) is an essential security practice for businesses using the cloud. It focuses on securing and managing privileged accounts and access rights within an organisation. In this blog post, we will explore the importance of PIM for businesses, particularly those using the cloud, and why every business should consider implementing it as part of their comprehensive cybersecurity strategy.
What is PIM?
PIM refers to the processes, policies, and technologies used to manage and secure privileged accounts and access rights within an organisation. Cybercriminals often target privileged accounts as a means of gaining access to sensitive information and systems. PIM aims to reduce the risks associated with privileged accounts by providing a central solution for managing and securing these accounts. It involves identifying, managing, controlling access, and monitoring privileged account activity.
Importance of PIM for Businesses
Privileged accounts are a prime target for cybercriminals, and a breach can result in severe consequences, including data theft, business disruption, and reputational damage. PIM is essential for businesses because it helps to mitigate the risks associated with privileged accounts. By implementing PIM, businesses can control who has access, monitor, detect and respond to suspicious behaviour, and reduce the impact of a breach if one occurs.
Why Every Business Using the Cloud Needs PIM
Cloud computing has transformed the way businesses operate, providing flexibility, scalability, and cost savings. However, the cloud also presents new security challenges, particularly when it comes to privileged accounts. Cloud environments typically have many privileged accounts that can access critical resources, making them attractive targets for cybercriminals. PIM is especially important for businesses using the cloud because it provides a central solution for managing and securing privileged accounts across all cloud services and platforms. With PIM, businesses can identify and manage privileged accounts, enforce access controls, and monitor activity. Implementing PIM in the cloud can also help businesses to meet compliance requirements.
Conclusion
PIM is a critical component of a comprehensive cybersecurity strategy, particularly for businesses using cloud computing. By implementing PIM, businesses can manage and secure privileged accounts, control access to critical resources, and monitor privileged activity. PIM can help to reduce the risk and mitigate the impact of a breach if one occurs. Every business using the cloud should consider implementing PIM as part of their cybersecurity strategy to protect against the growing threat of account breaches.
The risks of – and the potential fallout from – a cyber-attack is enough to keep any company director awake at night.
The costs of a breach can be huge, costing UK enterprises an average of £4.09 million per breach, according to IBM’s Cost of a Data Breach study.
These figures are not surprising when you consider lost productivity and revenue, response, forensics, recovery, communications, data breach fines, and various other costs. Even a company with 100 employees can be looking at hundreds of thousands of pounds, just to get back to where they were before an event, such as from a ransomware attack.
Together with the significant reputational damage that can follow a data breach, the level of risk and likelihood means that most organisations have some form of cyber insurance to cover these substantial costs.
But as the number of cyber insurance pay outs grows, insurers are looking at ways to not pay out, or at least not for the full amount of damage. This is understandable in cases where a board has been negligent and not managed the risks, just as a motor insurer would not pay out where a driver had failed to get an MOT or put road legal tyres on their car.
Your responsibility to control risk
All cyber insurance providers expect policy holders to take responsibility for evaluating and mitigating risks.
Insurers expect best-practice cyber security controls to be in place, which typically includes the ‘absolute basics’ such as Cyber Essentials. This also means keeping on top of security operations year-round, not just a tidy up and certification every year or so.
If the basics are not in place at the time of a breach, then many insurers will not pay out. On top of this, the ICO and other regulators are likely to hand out significant fines. These amounts aren’t insignificant, as the ICO alone can hand out a data breach fine of £17.5 million, or 4% of an organisation’s total annual worldwide turnover, whichever is higher.
Cyber security basics should be viewed as seriously as other risk controls in your business, such as a fire alarm that is regularly serviced and tested.
Common cyber security measures
For a cyber liability policy to pay out in a breach scenario you need to check the small print. However, here are common areas that are going to have an impact on any claim:
Patches and Updates
- Firewall Protection – IT equipment must be protected from unauthorised access by a suitable firewall. The firewall needs security updates and other updates at least once a month, if not automatically. An insurer will almost certainly not pay out if the firewall is not up to date at the time of a loss.
- Software updates –It’s best practice to patch and update software and it is a standard cyber insurance term to mitigate known vulnerabilities. Important updates to firmware, operating systems, and other software must usually be installed within 14 days of being released by the vendor or provider. Some insurers will insist on seven days, which can be a tough clause to manage in some environments, so keep an eye out for this.
- Tablets, phones, and other devices – It’s important that tablets, phones, and any other devices with access to your network are updated or kept off the corporate network. Your organisation is responsible for who and what connects to its network. If your network is breached from an insecure work or personal device, then your insurance could be void.
- Outdated operating systems – Outdated operating systems and software that is no longer supported by the vendor in terms of security updates is going to invalidate insurance if they are breached.
Users and Passwords
- Change default passwords – If you have default passwords or use the password that came with an IT device when it was purchased, then your policy will be invalid. There are large databases on the internet that list all these default passwords, and these are always a go-to for hackers and automated attacks.
- Individual ID and password –It can be common for some users to share logins and passwords to certain systems, and for conference room PCs to have shared logins. These shared credentials are unacceptable as they are a common cause of a breach. It also makes the source of a breach difficult to trace.
- Limiting access – System users should only have access to what they need, particularly logon credentials with enhanced security rights, such as administrator rights. It’s particularly important that users don’t have administrator rights on the device they log in to as that’s an easy way for an attacker, who may be an employee, to gain control of a machine and then the wider network and systems. Organisations will need to prove that administrator accounts are controlled and that passwords are changed regularly.
- Work laptops should be controlled – Only authorised users should be able to use work devices. This will need to be controlled via policy and login restrictions. An employee’s child downloading and installing a game with ransomware on to a work device could lead to the insurance being invalidated.
Data Backup
Cyber insurance policies will always cover the backup and protection of data. They will typically include:
- Two copies of backup data at different locations – It’s standard to expect two separate copies of backup data to be stored. One can be local to the IT environment, but another should be taken or backed up off-site, such as on a cloud backup platform. It’s increasingly common for insurers to ensure that backup data is air-gapped, so if someone gains access to your systems, they cannot get access to the backups. It’s common for ransomware attacks to seek and encrypt backups quickly.
- Frequency of data backup –It’s usual to backup data daily, if not continually, in most modern IT environments. If your data is critical, then an insurer would want to know why you have not backed-up regularly.
- Backup checks – It’s critical that you regularly evaluate your backups to make sure everything that needs to be is backed up. It’s even more critical to ensure that your backups are working as expected. Many systems will send automatic alerts, but it’s still worth doing a manual check and restore every now and again.
- Virus Protection –Cyber insurance terms typically state that anti-virus software should be in full and effective operation at the time of a loss. It should also be noted that many insurers are now asking that businesses have at least EDR (Endpoint Detection and Response), which is a typically more advanced antivirus solution, supported by a specialist organisation. In fact, it’s generally considered a security basic now, as antivirus was 20+ years ago.
Pre-existing problems
Cyber insurance will not pay out if you are aware of, or ought to have reasonably known about, a pre-existing issue, prior to the cyber insurance being taken out. This is particularly important if you’ve had security audits undertaken in the past but not dealt with any issues highlighted. Too often organisations know they have issues but still take out insurance as a way of mitigating spend on security controls. This is a bad idea.
Previous breaches
If you’ve been breached before it will impact your insurance, as there could always be something waiting to deploy at a particular time, or a hole left in the environment. You must declare if you have had a breach, usually over the last three years.
What can reduce premiums?
There are key areas that can make a real difference to your cyber insurance premiums and your security posture, such as:
- Multifactor authentication, particularly for remote access and administration accounts
- Privileged Access Management (PAM)
- Endpoint Detection and Response (EDR)
- Secured, tested and encrypted backups
- Email filtering and web security
- Patch and vulnerability management
- Cyber incident response planning and testing
- Cyber security awareness testing and phishing testing
- Security Information and event management solutions
- Vendor and supply-chain risk management
All the above are sensible security controls that should already be in place in organisations of all sizes.
If your organisation is considering SD-WAN (Software-defined Wide Area Network), then effective networking and built-in security should be integral to your decision.
In partnership with Fortinet, QuoStar is one of 15 SD-WAN specialised partners in the UK. We offer a solution that achieves safer, more cost-effective and efficient SD-WAN implementation. Here’s how:
SD-WAN explained
With dispersed workforces, new digital tools and cloud adoption at an all-time high, many organisations are turning to SD-WAN. This virtual WAN architecture brings together existing internet connectivity options, such as MPLS, Broadband, DIA and LTE, to securely connect users to applications, while simplifying the control and management of this connectivity.
SD-WAN solutions help to remove complex and expensive routing, cut down on hardware costs and remove expensive MPLS networks. They can also greatly enhance access to Software as a Service (SaaS) and other cloud-based services and help to minimise downtime.
The issue
However, many available SD-WAN networking solutions have little or no built-in security, which can lead to organisations adding a range of disparate tools to address these risks. This increases capital expenditure, raises complexity and creates potential gaps for cyberattacks.
A fully integrated, secure SD-WAN solution is the best way to ensure effective protection, operational efficiencies, and on-going readiness for evolving network demands.
QuoStar’s SD-WAN solution
Working in partnership with Fortinet, who have been recognised by Gartner as a Leader in the 2022 Gartner Magic Quadrant for SD-WAN for a third year in a row, QuoStar’s SD-WAN solution brings extra security protection and enhanced performance to the existing benefits of SD-WAN. These improvements include:
- Protection at all edges
Native security for both on-premises and cloud-delivered services, to provide flexible, secure access for a distributed workforce working on and off the network. Unified orchestration capabilities further provide end-to-end visibility and control of the network environment.
- A world-class user experience
Our solution overcomes WAN impairments at all edges using our comprehensive self-healing SD-WAN as well as AIOps and Digital Experience Monitoring (DEM). There are no network slowdowns thanks to our purpose-built security processing units, and application performance is maximised with artificial intelligence and machine learning.
- Reduced costs and complexity
Significantly lower operational complexity and low total cost of ownership is achieved with converged networking and security. Our unified SD-WAN solution secures remote workers and on-premises users with consistent policies.
You should investigate SD-WAN if:
- You’re a largely distributed company experiencing network problems.
- You’re particularly vulnerable to internet outages.
- Your internet connectivity costs need to be revaluated.
- You want to simplify the branch architecture.
- You’re in the market to affordably expand your company’s network.
- Your company needs to scale quickly and easily.
- You would like to enable reliable user experience on any transport with rich routing and advanced WAN remediation for self-healing networks
- SD-WAN control and management across multiple locations is providing a challenge for businesses with IT resources facing skill gaps
It’s time to let go of the view that multi-factor authentication (MFA) provides enough security.
Hackers have the means to steal passwords, hijack users’ sign-in sessions and bypass the authentication process entirely, even when MFA is enabled. Adversary-in-the-middle (AiTM) attacks may be nothing new, but the ability of criminals to bypass MFA is.
What’s new?
Attackers can now intercept the legitimate session cookie issued by a real website, along with the authentication token.
The sophistication of these modern AiTM attacks has been highlighted by Microsoft, who explain how AiTM phishing attacks work.
In simple terms:
- An attacker sends a cleverly crafted email (phishing attack) which looks legitimate
- An unsuspecting user clicks on this link, which takes them to the attackers’ ‘spoof’ website
- The attackers’ website silently and transparently forwards on the request to the real site (Office365, Google etc) for authentication
- The user sees the real website and enters their credentials to authenticate
The attacker can now silently intercept this data while it passes through their website
Cookie theft
Ever wondered how you can launch Edge or Chrome and navigate to your Office 365 email without being prompted for authentication? Or launch Outlook or Teams without being prompted for authentication?
This is because you have already done that once and have a safely stored session cookie which is valid for a set number of days. This is what the attacker is after and once they have it, they have easy, instant access to your email or Teams account.
Build multiple layers of protection
A multi-layered approach to security is the key. Relying on a single security mechanism such as MFA is like putting all your eggs in one basket. You need to reduce the possibility of security compromise by adding more control layers.
- Enable MFA if you haven’t done so already. Without this, it’s like having a toy padlock on your front door.
- Raise awareness. This is the most effective and essential step of all. Educate users on how to spot phishing emails and when they should and shouldn’t enter their credentials.
- Implement advanced email filtering. Reduce the chance of attacker emails reaching users’ mailboxes by deploying Content Filtering, Sender Filtering and Safe Links. These are must-haves.
- Implement a Web Proxy. These may be usually considered a mechanism to stop people accessing Facebook or eBay during working hours, but when combined with Deep SSL Inspection, a Web Proxy can inspect all traffic leaving the organisation and track known suspicious or malicious content and sites.
- Implement EDR. Next Generation anti-virus/anti-malware technologies with an Endpoint Detection and Response (EDR) service overlay can detect threats in your networking environment and respond to them appropriately, automatically, and ideally with a human interaction when required.
- Implement Microsoft Conditional Access Security Defaults. Conditional Access policies allow IT admins to create conditions before events, such as authentication, can be accepted. This could include enforcing MFA when logging into any Azure integrated Cloud App, including Office 365, to block sign-ins from untrusted locations or from unknown devices.
- Implement Least Privilege. If an attacker manages to penetrate all these layers you can still limit the damage done. If the end user does not have local admin rights, then there’s a good chance that the attacker will not have these when they compromise that machine. Another, possibly even more important, step is admin account separation
None of these controls are particularly new. They are in essence good practice and should be implemented as a base standard in all sizes of IT estate. The majority shouldn’t even cost significantly to implement if anything.
Cybersecurity attacks strike at the heart of an institution’s reputation.
If data is compromised, trust can be shattered. Like all service providers, financial firms depend on their painstakingly-built reputations to stay in business. Consumers must be confident that their financial information – and money – is safe. Guarding against cybersecurity threats is crucial.
These risks increased in 2021, with ransomware attacks rising by 288% last year. Given the global ransomware industry now generates annual revenues of over $1.5 trillion, this growth is unlikely to slow.
A new critical vulnerability was also recently exposed in Log4j, an open-source logging library that is used by a range of apps and services. This offers criminals with minimal knowledge the chance to infiltrate IT systems in order to steal passwords and data, and compromise networks with malicious software.
Cybersecurity is now being taken seriously at the highest level. In May 2021, President Biden’s Business Office released new advice about ransomware and how firms should guard themselves. This guidance offers financial firms eight main lessons to take into 2022:
- Back up your data
Many firms back up their data only at weekly intervals, or longer. Should a cyberattack occur, they could therefore lose up to seven days’ worth of data. Further, the longer the interval between backups, the longer it takes to restore lost data in the event of an attack. The effect on productivity could be devastating. Firms must equip themselves with technology to backup and restore data quickly and reliably, potentially by working with specialist partners. It’s also important to note that traditional backup systems are often a primary target in a ransomware attack, so firms need to ensure they have specific solution in place to protect backups from being encrypted.
- Implement an efficient patching system
It is not sufficient to patch IT systems on a weekly or monthly basis. Firms should be constantly monitoring their systems and resolving vulnerabilities. But as patching can cause outages, firms should invest to mitigate its impact on productivity. Technology is available that increases the speed of patching, reducing the time systems spend down. Bursting frees up resources for critical IT applications, allowing high-priority work to continue during outages. Hot standby systems also ensure that essential systems continue to function.
- Vet your suppliers
Even if a firm’s systems are sound, there may be a way-in because of vulnerabilities in suppliers’ networks. Undertaking due diligence is therefore crucial. One way of vetting a supplier is to request their Software Bills of Material (SBOM), which lists all open-source components in their software for IT professionals to review. SBOMs also allow firms to see which software versions their suppliers are using. Firms should ensure that versions align throughout the supply chain, and that all suppliers operate within high-standard risk management frameworks. Ideally, all partners should be ISO27001 or SOC2-accredited bodies. Firms should not be shy in asking suppliers for certification or auditing their cybersecurity processes.
- Maintain best practice
Firms should ensure best practice is in place, and that procedures are evaluated continuously. It is best to have evidence of these practices – such as by obtaining an ISO27001 certification, which recognises a high standard and continual management of information security. Systems must be regularly reviewed for any potential vulnerabilities and asset registers should be maintained, to ensure no risk is missed. Asset registers also mean a firm can prioritise by criticality – offering the most protection to its most important assets. Organisations should deploy well-established Governance, Risk and Compliance (GRC) practices. These embed risk management into everyday activity, making it easier to manage – and ensuring decisions are consistent and effective.
- Obtain specialist detection systems
A Security Information and Event Management (SIEM) solution is now essential to continually monitor system logs within an organisation. This allows activity to be monitored comprehensively by professionals, who are also notified of anomalies, and can respond to block and remediate issues. This may require specialist security technologies and skills or working with external partners.
- Segregate your networks
Both the UK and US governments state that network segments should be protected individually. Segmentation helps prevent attacks reaching other parts of the network, containing malicious activities to one part of the system and thus limiting damage. Micro-segmentation is even more effective, by establishing isolated zones within networks, protecting specific workloads individually. This stops lateral movement of malware through an entire system. Segregation is easy to install and manage, offering demonstrable benefits within a short period.
- Consider hardware tokens
Hardware tokens are a physical device that are plugged into USB ports. They generate a random number, which expire after one use and are valid for a limited period. This number is needed to log into the computer along with a username and password. It is a form of two-factor authentication that is effective at preventing account takeovers and ransomware attacks.
- Undertake resilience exercises
Financial firms should undertake resilience exercises to analyse their capacity to withstand cybersecurity attacks. By working through all the components of their technology infrastructure, organisations can analyse their resilience to cyber threats and review how strong the links within networks and systems are. Having identified the weaker links, firms can then ensure that appropriate mitigations are in place, or that the risks are understood. This helps business to respond to a cyberattack, while minimising the risk of any attacks being successful.
A growing threat which is often undertested is Denial of Service, where a bad actor swamps an organisation’s network connections, putting them offline. A financial firm needs to fully understand how they will respond, long before an attack ever happens.
The cybersecurity risks for financial firms are clearly increasing, but they are not unmanageable. By implementing this guidance, organisations can achieve more comprehensive and effective security operations, with systems resilient enough to withstand both emerging and existing threats. In turn, this will reduce the risk of reputation-damaging data breaches and regulatory scrutiny – whilst keeping clients assured they are in safe hands.
QuoStar’s Head of Security and resident CISO David Clarke shares his views on the new piece of legislation to protect the consumer – The Product Security and Telecommunications Infrastructure (PSTI) Bill.
“The Product Security and Telecommunications Infrastructure (PSTI) Bill supports the rollout of future-proof, gigabit-capable broadband and 5G networks, and better protects citizens, networks and infrastructure against the harms enabled through insecure consumer connectable products.” [Department for Digital, Culture, Media & Sport, 24 November 2021]
This is a very interesting piece of legislation as the “Product Security Measures” apply to manufacturers, importers, and distributors in the supply chain for consumer connectable products.
“A consumer connectable product is an internet-connectable or network-connectable product.” [Department for Digital, Culture, Media & Sport, 24 November 2021]
The PSTI Bill
The government has stated that the security requirements will apply in relation to products including:
- Connected cameras, TVs, and speakers
- Smartphones
- Connected children’s toys and baby monitors
- Connected safety-relevant products such as smoke detectors and door locks
- Internet of Things base stations and hubs to which multiple devices connect
- Wearable connected fitness trackers
- Outdoor leisure products, such as handheld connected GPS devices that are not wearables
- Connected home automation and alarm systems
- Connected appliances, such as washing machines and fridges
- Smart home assistants
The security requirements, to be set out in regulations, will:
- Ban default passwords
- Require products to have a vulnerability disclosure policy
- Require transparency about the length of time for which the product will receive important security updates.
The scale of devices with weak security is absolutely huge, Kaspersky research says there were 1.5 billion attacks against IoT (Internet of Things) products in the first 6 months of 2021.
As we speak (7th December 2021) more than 300 SPAR convenience stores across the UK have either had to revert to cash-only payments – or shut altogether – following a cyber-attack that has meant all point of sale devices have had to be taken offline, meaning the stores are unable to take card payments. It’s not the first time a European supermarket has been caught up in a supply chain attack this year. Sweden’s Coop stores were all hit with REvil ransomware in July this year, as a consequence of the Kaseya breach.
Ban Default Passwords
The question is, will this legislation make a difference? Removing default passwords will of course make a huge difference, yes. And no. It may just delay the inevitable. Will the devices have to have a standard for passwords e.g. minimum length or complexity? Will the device have a lock out period e.g.10 fails and you are locked out? If not, enumeration software will eventually crack the password.
Vulnerability disclosure
Good idea in principle, the difficulty will be whether these devices will auto update as it may be unlikely many users will have the technical capability to do it themselves.
Important security updates
If security updates are available for 2 years, similar to the average Android phone, what happens then? Will the consumers be alerted when the end of the 2 years is up? Will this then become part of built-in obsolescence, so new phones, doorbells, fitness wearables, washing machines need to be bought new again probably every 2 years.
“Ensure that consumer connectable products, such as smart TVs, internet-connectable cameras and speakers, are more secure against cyber-attacks, protecting individual privacy and security” [Department for Digital, Culture, Media & Sport, 24 November 2021]
This would seem to indicate that if there is damage to an individual’s privacy, there could be a group action against the TV manufacturer, importer, distributor, and manufacturers.
Should these devices go through a form of accredited security testing? In business-to-business relationships, there is usually a requirement that all systems should be updated within 14 days and be in support by the vendor.
In the age of Teleworking would the “work” supply chain be fully in scope? Home routers should not use a default password, and all software/firmware under the legislation must be in support by the vendor. Should smart speakers be updated? The doorbell, fish tank thermometer, alarm system, Wi-Fi Garden lighting? These could all potentially be in scope, especially where someone works from home, as a vulnerability for the corporate workspace.
Just one vulnerable point can allow criminals into a network.
In 2018, attackers were able to compromise a connected thermometer in a fish tank that had a default password. The fish tank was in the lobby of a US casino, and attackers used this vulnerability to enter the network and access sensitive details, such as bank details.
It’s very difficult to ensure that every link in the chain has appropriate cyber security measures in place and it only takes one vulnerable point to allow criminals into a network. Once they’re in, the knock-on effects can be catastrophic.
This is a step in right direction, but how do we manage the consequences, and will enforcement be likely?
Even in the Code of Practice for Consumer IoT Security there is some mention about encryption and cryptographic keys, but it’s not very detailed. Without encryption how will personal data and passwords be stored on IoT devices?
Hopefully, this will be the start of safer online world. Although is it enough? Probably not at this stage.
Will there now be a possibility of a class action against a device manufacturer for privacy infractions? Does this mean that the device manufacturer, importer, distributor could inadvertently (under GDPR) become a data controller if they are responsible or partly responsible for a breach? The bill raises more questions than it answers in the long term.
At QuoStar we manage these types of issues for corporate clients regularly. Patch management, passwords, release management and regular upgrades as well as containing systems and devices that cannot be upgraded, so they need to be contained and segregated with special security layers.
Endpoint security has evolved significantly over the last 2 years.
The old signature-based antivirus and basic firewalls are simply not enough to protect businesses from an endpoint breach, be it a laptop, desktop or a mobile device. The threat landscape has increased massively through COVID, endpoints are outside of the protection of the corporate network en masse. How the endpoint is protected is going to vary by the workload and application sets used within an organisation.
Endpoint Security for SaaS platforms and legacy applications
There are two main camps. Those who are predominately web based, say using Office365 and a couple of line of business applications that run on a SaaS (Software as a Service) platform. And those who run a mix of legacy applications, probably with Office 365 and perhaps Citrix or Windows remote desktop. There are of course those who use technologies, such as AVD (Azure Virtual Desktop) but for simplicity we’ll bundle them into the latter camp. In reality, the risks to both are similar and need to be assessed.
Layering is key
The key to protecting all endpoints and ultimately all organisations is to have numerous layers of defence. You can’t simply rely on a single control – because if that fails, or has a security vulnerability, then it’s probably going to be breached. The cybercrime industry is simply enormous, global, relentless and moves at lightning speed.
The more controls and the more checks and balances you have, the more chance you have of another control picking up and stopping exploits. This isn’t about doubling up, it’s about using a number of controls that protect against primary risks but may have some overlap. It’s not just about technology, so organisations really need to work on their risk registers to understand how they are controlling against certain risks and where they are thin.
Information Security Management System
Ideally organisations should be looking at implementing some form of ISMS (Information Security Management System). Something such as ISO27001 or IASME to continually evaluate, test and improve their IT security.
It’s now critical to have a framework to manage endpoint security as things are moving so fast. A business can’t simply rely on IT support and security teams to be responsible for data security. It’s the boards responsibility to make the decisions on how they are going to protect against particular risks, divert budgets, etc. It’s not the IT team that regulatory bodies, such as the ICO, FCA or SRA will punish if there is a breach. Neither will clients or the media be fobbed off that it’s an IT issue, especially if there is no ISMS in place.
Simplify IT environments
As a general rule, all organisations need to be focused on simplifying their IT environments. Over the years there has been too much bloat, in terms of too many applications, servers and data. This bloat has led to complexities.
The more complex an IT environment the more difficult it is to secure. This has to be a primary focus in this new world, simplifying the environment. Needs dependant, generally you can simplify and ultimately secure the endpoint by not having any data or applications running on it, except the bare minimum. The larger the attack surface the bigger the danger of an exploit.
This isn’t always going to be possible of course, but where it is, technologies such as Azure Virtual Desktop, Remote Desktop Services and the like do have their place.
Endpoint Security of BYOD (Bring Your Own Device)
More and more organisations are again talking about BYOD (Bring Your Own Device) coming out of the pandemic. In certain instances/circumstances BYOD can be extremely beneficial for a business if, for example, it’s giving access to a web based portal to a 3rd party contractor, obviously with some security measures, such as multi-factor authentication. However, as a general business practice, for all staff, BYOD not a good idea because in the main it’s difficult for an IT team to really lock down someone’s own device properly.
There are various container type solutions that isolate data and applications from the underlying operating system that can be used, but depending on what information that employee is dealing with you might want greater control and monitoring of the device. You can’t really do that on an employee’s personal device without impinging on their privacy.
Can CYOD help solve Endpoint Security issues?
One good solution can be a CYOD (Choose your own Device) initiative as a sensible middle-ground. That way people get the tech they prefer but the business can overlay whatever security solutions they like. In particular SIEM solutions and intelligent advanced endpoint security protections solutions are more and more critical.
What risks does an endpoint face?
The bulk of the risks that face the endpoint come over the network, as a direct attack against an interface, listening and man-in-the-middle attacks or delivered through an application, such as a web browser or email client. Once the endpoint is breached any follow-on breach to the main corporate network is going to also come from this device.
This is why it’s essential to get some control of the connections to and from the endpoint with technologies, such as SASE, CASB and VPNs. It should be noted that generally traditional VPNs are cumbersome and still problematic, and not ideal in a hybrid world.
Next Steps
If you’d like a free initial review of your security controls – without any obligation please fill in your details here and one of our team will get back to you.