Article

Rick McElroy
Rick McElroy 6 April 2018
Categories B2B, Technology

Five on-the-ground insights on implementing endpoint security in the cloud

Today’s “access-everything-anywhere-anytime” mobile data environment is great news for business productivity and performance but on the flipside it’s also a huge opportunity for cybercriminals. Here are five key insights that we’ve gleaned that will help anyone moving to cloud-based next generation security:

The increasing multitude of endpoints represents an ever-expanding playground in which to develop new ways of infiltrating corporate networks and making off with the digital goods. 

Malware, ransomware and a rising incidence of fileless attacks all constantly chip away at the perimeter while security pros now have to secure an environment that can comprise thousands of potential attack points. So, it’s not surprising that getting smarter about endpoint security is high on the CISO agenda and we’re seeing many turning to the cloud to cope with the scale and complexity of the task.  

At Carbon Black we regularly talk to experienced CISOs who are in different stages of implementing cloud-based endpoint security and we see common threads – some operational, some strategic - running through those conversations. It’s also fascinating how these threads demonstrate the diverse skillset required by today’s CISOs. Here are five key insights that we’ve gleaned that will help anyone moving to cloud-based next generation security:

Before you start - know your data risk

When scoping your endpoint security strategy start by understanding what data is being accessed through your endpoints and its associated risk profile so you can devise an appropriate response in terms of mobile access to that data. This varies depending on the level of regulation in your industry. Linked to this is identifying compliance issues or privacy considerations that must be factored in when increasing endpoint monitoring – particularly if you operate in multiple territories. Having this understanding at the outset means you can devise a system that fits the challenge at hand, avoiding any surprises further down the line.

Layer it up to complement existing systems

Endpoint security has become a priority due to the expansion and increasing vulnerability of the network perimeter. It therefore makes sense to view moving to next generation endpoint security in the cloud as an evolutionary stage in an organisation’s security strategy. CISOs tell us that they see it as an additional layer that enhances their capabilities by delivering far greater real-time intelligence and visibility of the network, allowing them to detect and mitigate more attacks, faster.

At the same time as adding layers, though, they are aiming to keep a rein on the time and resources needed to manage their systems. This means that choosing products with intuitive management consoles and straightforward reporting is a key priority.

Balance security and system performance

For all that a breach in security could bring an organisation to its knees, try persuading users to tolerate any kind of slow-down in system performance and you’ll soon face a people’s revolt. The vast processing power of the cloud takes away the burden from on-premise systems and ensures that there is no user-detectable impact on performance. For CISOs this is one of the most important pillars in building the business case for moving endpoint security to the cloud.

People are your biggest security weakness – change management is crucial

Speaking of user impact, as employees become increasingly mobile they need to understand their own responsibility to protect the organisation. This is where, on top of all the other skills that today’s CISOs need, change management enters the mix. It is as much a psychological challenge as an operational one to create a security-conscious culture throughout the business.

As the lines between personal and business technology become increasingly blurred this actually represents an opportunity to frame cybersecurity as something that’s important across all aspects of our online lives: a security mindset shouldn’t be something you switch off when you leave the workplace. Education programmes that help users safeguard their home systems as well as the ones they use for work have more resonance and lead to smarter, more secure behaviour across the board, which has got to be a good thing.

Another angle is to make users feel a valued part of security. Explaining what the system is designed to do and how what’s being asked of them - e.g. adopting two-factor authentication – actually protects the network is a great way to create a sense of mission around security. CISOs also favour phased rollout – so users can receive adequate support during the adoption cycle and frustration is reduced.

Bring it to the board

Cybersecurity has shot up the board agenda thanks to a proliferation of high profile ransomware and DDoS attacks and the ever-tightening regulatory environment. Basic generalisations about the threat environment don’t cut it with the board anymore as directors want to know to what degree their business is under attack and what management plans to do about it.

CISOs are finding themselves more frequently invited to present to the board and this is a great opportunity to secure ongoing buy-in for endpoint security. Boards are motivated by understanding risk, so a powerful approach is to use the reporting capabilities of cloud-based security to demonstrate the number of security incidents that the system is encountering and neutralising on an ongoing basis. This offers an overall picture of the threat environment and demonstrates the importance of swift mitigation and forensic analysis of attacks to inform future strategy. With this evidence the board is better-positioned to assess risk in relation to business objectives and it is putting CISOs in a stronger position to bid for budget to protect the business.

There’s no doubt that implementing endpoint security in the cloud requires CISOs to draw on many very different areas of expertise: data management, privacy and compliance, business case building and change management to name just a few. 

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
7 reasons why social media marketing is important for your business

7 reasons why social media marketing is important for your business

Social media is quickly becoming one of the most important aspects of digital marketing, which provides incredible benefits that help reach millions of customers worldwide. And if you are not applying this profitable...

Sharron Nelson
Sharron Nelson 6 February 2018
Read more
‘Complainer marketing’ – should we harness rage to promote brands?

‘Complainer marketing’ – should we harness rage to promote brands?

As marketers, we're always looking to get the best results for our clients. But should we highjack the emotions of their customers to do so? No, as I explain in this post, you're better than that.

Tom Chapman
Tom Chapman 18 July 2018
Read more
8 Digital Marketing Trends to Watch in 2023

8 Digital Marketing Trends to Watch in 2023

The internet has conditioned customers to demand instant gratification, and that’s only set to continue. In 2023, customers will expect a response time of just hours. No more sending an email and waiting days for a...

Azeem Adam
Azeem Adam 3 May 2022
Read more
Deep Link vs. Universal Link: Which One is Better?

Deep Link vs. Universal Link: Which One is Better?

Are universal link and deep link the same thing? There are some big differences, let's understand them.

Stefano Pisoni
Stefano Pisoni 17 March 2020
Read more
B2B Customers Have More Control Over their Buying Journey than Ever Before – How are Marketers Coping?

B2B Customers Have More Control Over their Buying Journey than Ever Before – How are Marketers Coping?

The Covid-19 pandemic drove customers – businesses as well as consumers – online in unprecedented numbers. Sellers responded by adopting and accelerating digital strategies to reach their consumers.

Michael Nutley
Michael Nutley 22 September 2022
Read more