Hybrid cloud has established itself as the preferred choice for many organizations. However, implementing and managing hybrid solutions is not without its challenges. First, there’s the challenge of controlling user data when you’re using hybrid cloud, which we’ve talked about previously here on TechGenix. Then there’s the challenge of managing all the various endpoint devices in your company’s hybrid cloud environment. We’ll focus on this second challenge in this article.
Scott Gordon is the chief marketing officer at Pulse Secure, a company that delivers easy, protected, and available access to the data center and cloud. Scott has more than 20 years of experience contributing to security management, network, endpoint, and data security, and risk assessment technologies at innovative startups and large organizations across SaaS, hardware, and enterprise software platforms. With his expertise and experience in the hybrid cloud area, I thought Scott would be the perfect person for me to talk with about the challenges of managing endpoint devices in hybrid cloud environments.
I began our conversation by asking Scott what some of the concerns companies had these days with managing endpoint devices in hybrid cloud environments. “The response to the pandemic,” Scott said, “not only increased work from home and remote access risks but also increased BYOD use. Companies now find themselves dealing with an influx of connected devices, and a recent survey found 72 percent of organizations have experienced an increase in endpoint and IoT security incidents. Furthermore, organizations do not have unified visibility into all local or remotely connected users and devices. Without visibility, companies cannot further refine access based on the user/device’s role and least privilege access policies. This is concerning as organizations need to track their security posture to apply policy to minimize threats, such as malware spreading laterally or enabling access. Companies are seeking to streamline Industrial IoT (IIoT) defenses. Unfortunately, IIoT devices often lack security mechanisms or are at risk when the manufacturer’s updates have not been rolled out to avoid inhibiting production.”
Difficulty identifying devices accessing network and cloud resources
My next question was why it is so difficult to discover, identify, and respond to devices accessing network and cloud resources. Scott replied, “Periodic scanning of network infrastructure or analyzing network entry notifications from other network access solutions such as IAM or DHCP is just not timely enough to address the dynamics of network and cloud access. Companies are now fortifying their endpoint and IoT network and cloud access capabilities. Forty-one percent of organizations intend to progress on-premises device security using network access control (NAC), and 25 percent intend to invest in technology that affords remote device access security posture checking. When exploring a NAC solution, the use of both agent and agentless device inspection solutions is preferred. If an endpoint has no NAC agent, organizations can lose granularity in device attributes such as what processes are running, software update versions, and other important data required for a meaningful risk assessment. Agentless endpoint posture scanning is not nearly as continuous or granular as leveraging an agent. However, for headless devices, like IoT devices, this is the only option.”
I next asked him what he felt might be the potential impact for a company when unknown, unmanaged, or insecure devices access their network and cloud resources. “As the survey found, 43 percent of respondents have lax endpoint visibility,” Scott said. “If you don’t know what you bring onto the network, you’re not assessing the risk you’re introducing. Furthermore, it’s difficult to enable the user/endpoint with appropriate access privileges if you don’t know its role. Beyond identity authentication and endpoint security posture checking, companies need to ensure that users and devices do not get excessive access privileges, and to invoke network segmentation. If an endpoint is compromised by a ransomware attack or is vulnerable to backdoor access exploits, threats can spread laterally to other devices with higher privileges and gain deeper access into the network and resources. Seventy-eight percent of organizations have experienced malware issues, and 61 percent had experienced insecure network and cloud access incidents.”
No implicit trust
Seeking some actionable advice on the subject, I asked him what steps companies with hybrid environments can take to enhance such things as endpoint and IoT device visibility, compliance, remediation, and threat response. Scott’s reply focused on Zero Trust network access control, which he said “can facilitate endpoint visibility and access control based on contextual policy. There should be no implicit trust because a user connects from the ‘inside’ network vs. the ‘outside.’ Devices and users must be authenticated and validated. Access should depend on a user and device authentication policy, for example, one that checks the device’s security posture: does the OS meet company requirements, and are the endpoint detection and response (EDR) capabilities active and up to date? Additionally, companies should invoke network segmentation to limit the risk of unauthorized access and threats spreading. It is also a requirement for regulations such as PCI DSS in finance, where financial data processing devices must be isolated, and similarly in health care, where HIPAA dictates that patient information data protection obligations are in place.”
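To make the policy concrete, here is a small posture-evaluation routine written for this article as an added illustration; it is not Pulse Secure’s code and does not reproduce any product’s logic. It models the “comply to connect” decision Scott describes: identity is validated first, the device’s network location is deliberately ignored (no implicit trust for “inside”), the OS baseline and EDR state are checked, and the device is placed in a least-privilege segment by role. It also reflects the earlier point about agentless scanning of headless devices: a device without an agent cannot report processes or patch level, so it never receives full access. The OS baseline versions, the three-day signature-age limit, the segment names, and the `Posture` fields are all assumptions chosen for the example.

```python
"""Comply-to-connect posture evaluation (added example, not vendor code).

Decision order: identity -> agent present? -> OS baseline -> EDR state -> role segment.
Network location is carried in the record but intentionally never consulted.
All thresholds and segment names below are assumptions for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple, List

# Assumed company baseline: minimum OS versions (major, minor, build).
OS_BASELINE = {"windows": (10, 0, 19045), "macos": (13, 0, 0), "ubuntu": (22, 4, 0)}
# Assumed freshness requirement for EDR signatures.
MAX_SIGNATURE_AGE = timedelta(days=3)
# Assumed role-to-segment mapping (least privilege: unknown role -> guest).
ROLE_SEGMENTS = {"finance": "vlan-finance", "clinical": "vlan-clinical", "staff": "vlan-corp"}


@dataclass
class Posture:
    device_id: str
    authenticated: bool            # user/device identity validated (e.g. cert or 802.1X)
    location: str                  # "inside" or "outside"; NOT used for trust decisions
    agent_present: bool            # NAC agent installed; False for agentless/headless
    os_name: Optional[str] = None
    os_version: Optional[Tuple[int, ...]] = None
    edr_running: Optional[bool] = None
    edr_signature_time: Optional[datetime] = None
    role: str = "unknown"


@dataclass
class Decision:
    segment: str                   # "deny", a quarantine/restricted VLAN, or a role VLAN
    reasons: List[str] = field(default_factory=list)


def evaluate(p: Posture, now: datetime) -> Decision:
    """Return the segment a device may join and why."""
    if not p.authenticated:
        return Decision("deny", ["identity not validated"])

    if not p.agent_present:
        # Agentless scan cannot see running processes or update level, so the
        # device is isolated to a restricted segment regardless of location.
        return Decision("vlan-iot-restricted", ["agentless: limited posture data"])

    reasons: List[str] = []
    baseline = OS_BASELINE.get((p.os_name or "").lower())
    if baseline is None or p.os_version is None or tuple(p.os_version) < baseline:
        reasons.append("os below baseline")

    if not p.edr_running:
        reasons.append("edr not running")
    elif p.edr_signature_time is None or now - p.edr_signature_time > MAX_SIGNATURE_AGE:
        reasons.append("edr signatures stale")

    if reasons:
        # Non-compliant managed device: quarantine for remediation, not full access.
        return Decision("vlan-quarantine", reasons)

    return Decision(ROLE_SEGMENTS.get(p.role, "vlan-guest"), ["compliant"])


def sample_devices(now: datetime) -> List[Posture]:
    """Constructed sample posture records for a demo run."""
    fresh = now - timedelta(hours=6)
    stale = now - timedelta(days=10)
    return [
        Posture("lt-fin-01", True, "inside", True, "Windows", (10, 0, 19045), True, fresh, "finance"),
        Posture("lt-fin-02", True, "outside", True, "Windows", (10, 0, 19045), True, fresh, "finance"),
        Posture("lt-hr-07", True, "inside", True, "macOS", (13, 2, 0), False, None, "staff"),
        Posture("lt-eng-03", True, "inside", True, "Ubuntu", (22, 4, 0), True, stale, "staff"),
        Posture("cam-lobby-1", True, "inside", False, role="unknown"),
        Posture("rogue-ap", False, "inside", True, "Windows", (10, 0, 19045), True, fresh, "staff"),
    ]


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for dev in sample_devices(now):
        d = evaluate(dev, now)
        print(f"{dev.device_id:12} ({dev.location:7}) -> {d.segment:20} {'; '.join(d.reasons)}")
```

Note that the two finance laptops get the same answer whether they connect from inside or outside, which is the whole point of dropping location-based trust, while the compliant-looking laptop with EDR stopped and the one with stale signatures both land in quarantine rather than on the corporate segment.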
Wondering about Pulse Secure, the company where he works, I next asked Scott how Pulse Policy Secure (PPS), the company’s newly enhanced Network Access Control (NAC) solution, fits into this whole picture. “Pulse Policy Secure, our Network Access Control solution, provides organizations with continuous visibility, endpoint and IoT access control, and automated threat mitigation. Pulse Profiler, available separately or as part of Pulse Policy Secure, provides full visibility of local and remote endpoints, so organizations know what’s connected at any time. PPS enables strong Zero Trust-based ‘comply to connect’ policy enforcement, so users and endpoints are authenticated, and security posture is validated before they are connected to the network with appropriate, least privilege access.
“PPS can be deployed to support hybrid IT environments and provide organizations tremendous implementation flexibility. They can choose between agent or agentless clients; they can also apply stronger 802.1X access control for certain network segments or at the edge, or choose non-802.1X capabilities for less stringent pre-connect access control.
“After gaining end-to-end visibility, organizations can expand policy enforcement, such as guest management and BYOD features. To increase operational intelligence and threat response, PPS provides bi-directional integrations with other security solutions such as SIEMs or NGFW. This breaks down security silos of those solutions and enables automated action as the most effective threat response at the network or endpoint level. Lastly, PPS has integrations that support IIoT visibility and threat mitigation.”
Manage endpoints and mitigate risk
That last statement of Scott’s especially perked my ears up because of the many risks businesses face today when they use IoT devices. Going forward, I believe this will be an increasingly important aspect of securing business networks and their associated cloud environments. For more TechGenix coverage on the subject of IoT, see this page on our site.
Featured image: Shutterstock