By Neeraj Nayak, Senior Manager, Product Marketing at CipherCloud
Endpoint security has emerged as one of the biggest cybersecurity concerns in the industry today. With the worldwide shift to a remote workforce model, we are witnessing two major trends: (a) adoption of SaaS applications for remote collaboration, and (b) an increasing number of employees connecting to work using their personal devices. Why is this a concern? Because, to stay productive, employees more often than not ignore security best practices and connect directly to the cloud with personal devices that lack the security settings of company-issued hardware. Enterprise firewalls, which focus on perimeter security, have no visibility into or control over the collaboration happening in the cloud. This can lead to unauthorized cloud access, data leaks, and accidental disclosure due to the high degree of collaboration in SaaS apps such as Slack and Teams.
What are the potential security risks associated with endpoint devices?
With the cloud emerging as the biggest threat vector, the lack of endpoint security controls is even more worrying. Employees can accidentally upload infected files to the cloud from unauthorized and unmanaged devices, leading to data breaches of magnified proportions. The high degree of collaboration in SaaS apps such as Slack and Teams can lead to data leaks and accidental data disclosures. Highly regulated industries, such as Healthcare and BFSI, run the risk of data privacy violations and compliance failures due to PII, PHI, and PCI data leaks, subjecting them to millions of dollars in lawsuits.
How can CASBs solve endpoint security challenges?
Cloud Access Security Brokers (CASBs) are tailor-made to address endpoint security challenges in the cloud-mobile world. The comprehensive data protection and access control policies defined in a CASB enable context-aware management of devices connecting to cloud apps from any location, and trigger corrective actions, such as blocking the device or preventing access to sensitive data, when a policy violation is detected. The CASB's inline DLP performs real-time scanning of all content going into or out of the cloud to maintain cloud integrity and prevent data loss. The following are some CASB best practices for securing access to the cloud from any BYO endpoint device.
CipherCloud recommendations for establishing endpoint security
- Classify the device: Understand the endpoints and classify them as managed or unmanaged devices as and when they are connecting to the cloud apps. Classification can also be achieved through the installation of digital certificates on the connecting devices.
- Define zero-trust identity controls: Integrate with SSO solutions to streamline device authentication at the gate and maintain comprehensive logging of user access. Enable step-up authentication techniques such as two-factor or multi-factor authentication.
- Integrate with MDM/EMM solutions: Get the device status from the MDM solutions already deployed for endpoint device management and use that intelligence in defining security policies and enforcing actions.
- Remotely control data: ActiveSync proxy integration can be used to block a connected device or remotely wipe the Office 365 data on the device based on the current device posture.
- Limit cloud data access: Define access control policies that limit access to cloud resources based on the device type – managed or unmanaged. For example, allow only browser-based access to the cloud on unmanaged devices and block access via thick apps, deny cloud data sync on unmanaged devices, etc.
- Protect downloads on personal devices: Secure the sensitive data being downloaded to unmanaged devices using Information Rights Management (IRM). Only authorized users with the IRM mobile app and valid keys will be authenticated to decrypt and view the sensitive content in the downloaded files.
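The recommendations above can be read as one ordered access decision. The following Python sketch is an added example, not CipherCloud code or any product's API; the field names, the rule that a managed device needs both a certificate and MDM enrollment, and the step-up MFA trigger are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AccessRequest:
    """One cloud access attempt as a CASB might see it (hypothetical fields)."""
    user: str
    has_device_cert: bool          # corporate certificate presented by the device
    mdm_compliant: Optional[bool]  # posture reported by MDM; None = not enrolled
    client: str                    # "browser", "thick_app" or "sync"
    action: str                    # "view", "download" or "upload"
    sensitive: bool                # DLP verdict on the content involved
    mfa_passed: bool

def classify(req: AccessRequest) -> str:
    # Assumption: managed means a certificate AND MDM enrollment are both present.
    if req.has_device_cert and req.mdm_compliant is not None:
        return "managed"
    return "unmanaged"

def evaluate(req: AccessRequest) -> str:
    """Return one of: block, step_up_mfa, allow_with_irm, allow."""
    device = classify(req)
    if device == "managed" and req.mdm_compliant is False:
        return "block"               # managed device failed its posture check
    if device == "unmanaged" and req.client != "browser":
        return "block"               # no thick apps or sync on unmanaged devices
    if not req.mfa_passed and (device == "unmanaged" or req.sensitive):
        return "step_up_mfa"         # assumption: when the second factor is required
    if device == "unmanaged" and req.action == "download" and req.sensitive:
        return "allow_with_irm"      # file leaves the cloud only IRM-protected
    return "allow"

# Constructed sample requests, not real traffic.
SAMPLES = [
    AccessRequest("alice", True, True, "thick_app", "download", True, True),
    AccessRequest("bob", True, False, "browser", "view", False, True),
    AccessRequest("carol", False, None, "sync", "download", False, True),
    AccessRequest("dave", False, None, "browser", "view", False, False),
    AccessRequest("erin", False, None, "browser", "download", True, True),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(f"{r.user:6} {classify(r):9} {r.client:9} -> {evaluate(r)}")
```

Rule order matters here: the blocking checks run before step-up MFA so that a non-compliant or disallowed client is never prompted for a second factor it cannot use to gain access.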