It seems as if everything is happening in the cloud now — whether I’m sharing a document with a colleague or backing up family photos. This is happening in cybersecurity as well, where the storage flexibility and computing power of the cloud have enabled new ways to secure organizations.
To speak to that trend, I recently joined Hank Schless on the Endpoint Enigma podcast to discuss the difference between using security that runs inside data centers versus security delivered from the cloud. (A while back, Lookout Chief Strategy Officer Aaron Cockerill talked a bit about this as well in the context of the Microsoft Exchange attack.)
To continue that conversation, I decided to put some thoughts down on paper about the specific advantages of security that runs in the cloud. For this blog, I’ll be diving into why on-premises solutions are no longer feasible in a remote-first environment. I’ll also be discussing how Zero Trust and proactive threat hunting can only be done by leveraging the power of the cloud.
Why Zero Trust is critical to a remote-first environment
One of the biggest challenges security teams face today is the fact that employees can work from anywhere. They are increasingly using personal devices and networks you don’t control, which means organizations have lost visibility into what’s happening to their data.
This is where Zero Trust enters the scene. With very little under your control, you must assume that no device or user is trustworthy, and only enable those with low risk levels to interact with your infrastructure. But to do so, you need a lot of data and computing power, especially as threat surfaces expand and cyberattacks are constantly evolving.
Why cloud-delivered security is critical
Now that employees work from anywhere, organizations no longer have the controlled environments that corporate-issued devices and perimeter security gave them. With personal devices and unmanaged networks like home Wi-Fi, security teams have no idea whether a device or account has been compromised.
By having your security solutions delivered from the cloud, you’re no longer restricted by the storage and computing power of data centers.
Here are four ways cloud-delivered security can secure your organization from endpoint to cloud:
1. Detect and respond to mobile threats
One of the devices your employees use most is likely their tablet or smartphone. While these devices have empowered people to stay productive from anywhere, they are also harder to secure. The locked-down nature of mobile operating systems (OS) and apps makes it infeasible to scan mobile platforms for threats using traditional methods. As a result, whether it’s phishing threats or risky apps, you need a large amount of data and machine intelligence in order to efficiently detect and respond to them.
2. Understand user behavior to stop insider threats
Account takeover is a key weapon of choice for cybercriminals because it helps them stay undetected and assists with ongoing compromise. The most common way for them to compromise your employees’ accounts is with phishing attacks. Once they’ve gained credentials, they will move around silently within your infrastructure to steal data or deploy malware. So whether you are defending against ransomware or insider threats, you need to understand what’s going on with your users and their accounts. This can only be done in the cloud where you can cross-reference user behavior automatically.
3. Secure data no matter where it goes
Collaboration and data access have become easier with mobile devices and cloud apps, but this means your data is now going wherever your users are working. To ensure your data remains secure, you need to understand what types of data you have across all your cloud apps, such as Microsoft 365, SAP SuccessFactors and Slack. This can only be done with the scalability of cloud computing.
4. Proactively hunt for threats
With the cost and frequency of security breaches increasing, your security team should have the ability to investigate what’s happening to your organization from endpoint to cloud. A cloud-delivered security solution will provide you with the flexibility and scalability needed for effective threat detection and response. The vast amount of data required to hunt for threats simply cannot be collected or analyzed by on-premises and/or on-device solutions. Securing your data from the endpoint to the cloud is essential so you can 1) identify the threats while they’re happening, and 2) go back and investigate why they happened.
Cloud solutions are inherently elastic in how they provision computing resources. CPU, RAM, and even hard drive space can be allocated on-demand to ensure that processing goals are met. This elasticity is especially important given the exploratory nature of threat hunting and forensic investigation. Proving a research hypothesis can lead a security intelligence analyst to pivot multiple times, each time requiring additional, often more complicated, analysis to arrive at a threat conviction.
Go cloud or go home
The way we work has changed thanks to the adoption of the cloud. Cybersecurity needs to take advantage of that as well. With employees now working everywhere, organizations need to revamp the way they secure their workers and data.
From detecting endpoint threats to stopping insider threats and protecting data, securing the modern workforce needs to move beyond on-premises tools.
To hear more about the differences between on-premises and cloud solutions, listen in on my conversation with Hank Schless. If you’d like to know how to safeguard your organization from endpoint to cloud, take a look at the Lookout Secure Access Service Edge solution page.