Securing cloud endpoints: What you should know
What is endpoint security in the cloud?
Endpoint security solutions, such as endpoint protection platforms (EPP) and endpoint detection and response (EDR), were once considered a separate discipline from cloud security. These technologies have since merged to create solutions for endpoint protection in the cloud.
Traditional endpoint security was only sufficient when employees all worked on-premises, accessing workloads through company computers. However, changes to the market, including greater competition, the need for 24/7 accessibility, and rising IT costs, have led more organizations to embrace cloud computing to enable a more open and accessible IT environment. The cloud is accessible from any device, which is good for work flexibility but can complicate security.
Challenges for cloud security include:
- Cloud systems introduce new types of endpoints, including SaaS applications, cloud storage buckets, managed databases and computer instances (such as EC2 instances or Azure VMs). Each of these is, for all intents and purposes, an endpoint that attackers can gain access to and compromise.
- The number and types of endpoints accessing the cloud are constantly growing, with devices ranging from laptops to smartphones and tablets. As the Internet of Things (IoT) grows, so does the list of devices and the associated vulnerabilities.
- External bring-your-own-device (BYOD) endpoints do not provide sufficient visibility into their state or contents. You cannot know what potential security threat may be hidden in a connected device.
- It is difficult to manage and monitor endpoint behavior and access. Even if your security policy stipulates a list of approved devices and installed apps, you need the right tools to monitor and enforce endpoint security. To ensure you are protected, you need to find a way to extend security to include monitoring remote endpoint access and behavior.
Cloud endpoint security challenges
Let’s take a closer look at security challenges affecting endpoints in public and private clouds.
Public cloud endpoint security
Public cloud resources are more vulnerable to attackers because they are outside the control of IT departments and typically have access to public networks. All public cloud providers use a shared responsibility model, in which the cloud provider secures cloud infrastructure, while cloud users must secure their workloads and data and are responsible for secure configuration.
Many organizations use multiple computing models, including public Infrastructure-as-a-Service (IaaS) such as Amazon EC2, Platform-as-a-Service (PaaS) such as Amazon Lambda and Software-as-a-Service (SaaS) such as SalesForce and Microsoft Office 365.
It can be challenging to identify endpoints, understand access controls and establish secure configurations, as these can work differently for each cloud provider. You cannot centrally view and control all your public cloud branches without specialized tools, and you have to find them one by one across multiple cloud environments.
Another dimension of cloud security, which is unique to the public cloud, is that attacks can not only compromise sensitive resources but also increase cloud costs as attackers leverage cloud infrastructure to create their own, malicious resources.
Private cloud endpoint security
The private cloud may seem more secure because it is fully controlled by the organization and runs in a local data center. However, private clouds are also vulnerable to attack.
Security issues that can impact private clouds include:
- Insider attacks — a malicious employee or attacker who holds or compromises a legitimate account within the private cloud, can use it to wage an attack. Endpoints are usually connected to other resources and networks, which can lead to lateral movements by malicious insiders.
- Phishing — social engineering is a common way to compromise endpoints. For example, in a spearphishing attack, hackers investigate victim behavior in your organization, send a crafted and trusted email and trick them into clicking a link to grant attackers access or distribute malicious code.
- Non-compliance — organizations must ensure that endpoint controls are properly configured and sensitive data is adequately protected. If the necessary control measures are not implemented and there are audits or actual violations, the organization may lose certification or incur fines.
- Data exfiltration — intellectual property, sensitive or business-critical data or security controls can be leaked to external sources. This is often the result of endpoint vulnerabilities. Data can be stolen by malicious software deployed on endpoints by attackers, transmitted via tunneling over traditional communication protocols (e.g. DNS) or using other methods, such as cloud storage, FTP or Tor.
4 Cloud endpoint security best practices
The following best practices can help you enhance endpoint security in the cloud.
Centralize your security strategy
To identify threats across multiple cloud platforms and effectively integrate a security strategy that meets the needs of each platform, security teams can centralize security controls to gain data visibility across multiple cloud environments.
Information about security measures and tools should be shared between the teams responsible for each platform. Having a common protocol for secure implementation of services ensures consistency, and facilitates secure integration of multi-cloud architectures.
Secure user endpoints
Most users access cloud services through a web browser. Therefore, it is important to implement a high degree of client-side security, ensuring user browsers are up-to-date and free of vulnerabilities.
You should also consider implementing an endpoint security solution to protect your end-user devices. This is critical given the explosive growth of mobile devices and remote work, as users increasingly access cloud services through non-company-owned devices.
Combine endpoint security with additional security solutions, including firewall, mobile device security and intrusion detection/prevention (IDS/IPS) systems.
Network segmentation
EDR tools typically respond to events by isolating endpoints. This type of response quickly deters threat actors. But by creating a segmented network from the outset, you can provide additional protection and prevent attacks before they begin. You can use network segmentation to restrict access to specific services and datastores. This reduces the risk of data loss and limits the extent of damage from a successful attack.
Using Ethernet Switched Path (ESP) technology, network structure can be hidden to further protect the network. This makes it more difficult for attackers to laterally move from one network segment to another.
Preventing cloud phishing by securing credentials
Many security breaches are caused by leaked credentials. Users may intentionally share their credentials with others, store their credentials on public devices or use weak passwords that are easy to crack.
Credential phishing is also a major risk. Many users are easily tricked into using fake portals through malicious scripts and email scams. These users may provide their credentials without realizing that something is suspicious. Once a malicious attacker obtains these credentials, they can gain access to applications, application data and corporate systems.
To protect against these situations, you can implement endpoint protection that detects anomalous use of credentials. For example, if someone logs in from an unexpected geographic location or from multiple IPs at once, you'll receive an alert.
You should also implement a secure password and login policy. If possible, set a session timeout policy and force users to change their passwords periodically. Implement multi-factor authentication (MFA) whenever possible. If you can't change the authentication scheme because you are using third-party services, implement an internal policy that defines password complexity and lifecycle.
Cloud endpoint security challenges
Here are suggested best practices that can help improve endpoint security in a cloud environment:
- Centralize security for cloud endpoints: make sure you apply consistent policies across all your cloud environments and the on-premise data center.
- Secure user endpoints: users frequently access the cloud from remote, personal devices. Ensure that only devices with a known level of security hygiene can access your cloud.
- Network segmentation: apply segmentation in the cloud to ensure that compromised endpoints cannot grant access to other, sensitive systems.
- Prevent phishing: add endpoint tools and strong authentication to prevent social engineering attacks that can compromise user credentials.
I hope this will be of help on your journey to robust cloud security.