Rick McElroy
Rick McElroy 6 April 2018
Categories B2B, Technology

Five on-the-ground insights on implementing endpoint security in the cloud

Today’s “access-everything-anywhere-anytime” mobile data environment is great news for business productivity and performance but on the flipside it’s also a huge opportunity for cybercriminals. Here are five key insights that we’ve gleaned that will help anyone moving to cloud-based next generation security:

The increasing multitude of endpoints represents an ever-expanding playground in which to develop new ways of infiltrating corporate networks and making off with the digital goods. 

Malware, ransomware and a rising incidence of fileless attacks all constantly chip away at the perimeter while security pros now have to secure an environment that can comprise thousands of potential attack points. So, it’s not surprising that getting smarter about endpoint security is high on the CISO agenda and we’re seeing many turning to the cloud to cope with the scale and complexity of the task.  

At Carbon Black we regularly talk to experienced CISOs who are in different stages of implementing cloud-based endpoint security and we see common threads – some operational, some strategic - running through those conversations. It’s also fascinating how these threads demonstrate the diverse skillset required by today’s CISOs. Here are five key insights that we’ve gleaned that will help anyone moving to cloud-based next generation security:

Before you start - know your data risk

When scoping your endpoint security strategy start by understanding what data is being accessed through your endpoints and its associated risk profile so you can devise an appropriate response in terms of mobile access to that data. This varies depending on the level of regulation in your industry. Linked to this is identifying compliance issues or privacy considerations that must be factored in when increasing endpoint monitoring – particularly if you operate in multiple territories. Having this understanding at the outset means you can devise a system that fits the challenge at hand, avoiding any surprises further down the line.

Layer it up to complement existing systems

Endpoint security has become a priority due to the expansion and increasing vulnerability of the network perimeter. It therefore makes sense to view moving to next generation endpoint security in the cloud as an evolutionary stage in an organisation’s security strategy. CISOs tell us that they see it as an additional layer that enhances their capabilities by delivering far greater real-time intelligence and visibility of the network, allowing them to detect and mitigate more attacks, faster.

At the same time as adding layers, though, they are aiming to keep a rein on the time and resources needed to manage their systems. This means that choosing products with intuitive management consoles and straightforward reporting is a key priority.

Balance security and system performance

For all that a breach in security could bring an organisation to its knees, try persuading users to tolerate any kind of slow-down in system performance and you’ll soon face a people’s revolt. The vast processing power of the cloud takes away the burden from on-premise systems and ensures that there is no user-detectable impact on performance. For CISOs this is one of the most important pillars in building the business case for moving endpoint security to the cloud.

People are your biggest security weakness – change management is crucial

Speaking of user impact, as employees become increasingly mobile they need to understand their own responsibility to protect the organisation. This is where, on top of all the other skills that today’s CISOs need, change management enters the mix. It is as much a psychological challenge as an operational one to create a security-conscious culture throughout the business.

As the lines between personal and business technology become increasingly blurred this actually represents an opportunity to frame cybersecurity as something that’s important across all aspects of our online lives: a security mindset shouldn’t be something you switch off when you leave the workplace. Education programmes that help users safeguard their home systems as well as the ones they use for work have more resonance and lead to smarter, more secure behaviour across the board, which has got to be a good thing.

Another angle is to make users feel a valued part of security. Explaining what the system is designed to do and how what’s being asked of them - e.g. adopting two-factor authentication – actually protects the network is a great way to create a sense of mission around security. CISOs also favour phased rollout – so users can receive adequate support during the adoption cycle and frustration is reduced.

Bring it to the board

Cybersecurity has shot up the board agenda thanks to a proliferation of high profile ransomware and DDoS attacks and the ever-tightening regulatory environment. Basic generalisations about the threat environment don’t cut it with the board anymore as directors want to know to what degree their business is under attack and what management plans to do about it.

CISOs are finding themselves more frequently invited to present to the board and this is a great opportunity to secure ongoing buy-in for endpoint security. Boards are motivated by understanding risk, so a powerful approach is to use the reporting capabilities of cloud-based security to demonstrate the number of security incidents that the system is encountering and neutralising on an ongoing basis. This offers an overall picture of the threat environment and demonstrates the importance of swift mitigation and forensic analysis of attacks to inform future strategy. With this evidence the board is better-positioned to assess risk in relation to business objectives and it is putting CISOs in a stronger position to bid for budget to protect the business.

There’s no doubt that implementing endpoint security in the cloud requires CISOs to draw on many very different areas of expertise: data management, privacy and compliance, business case building and change management to name just a few. 

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
How to Review a Website — A Guide for Beginners

How to Review a Website — A Guide for Beginners

A company website is crucial for any business's digital marketing strategy. To keep up with the changing trends and customer buying behaviors, it's important to review and make necessary changes regularly...

Digital Doughnut Contributor
Digital Doughnut Contributor 25 March 2024
Read more
The 3 Most Important Stages In Your Presentation

The 3 Most Important Stages In Your Presentation

If you want to deliver a presentation on a particular topic and you have to prepare yourself for it you should make sure that you go through several very important stages in order to craft a compelling, persuasive and...

Nicky Nikolaev
Nicky Nikolaev 16 February 2016
Read more
The Impact of New Technology on Marketing

The Impact of New Technology on Marketing

Technology has impacted every part of our lives. From household chores to business disciplines and etiquette, there's a gadget or app for it. Marketing has changed dramatically over the years, but what is the...

Alex Lysak
Alex Lysak 3 April 2024
Read more
7 Reasons Why Social Media Marketing is Important For Your Business

7 Reasons Why Social Media Marketing is Important For Your Business

In the past two decades social media has become a crucial tool for marketers, enabling businesses to connect with potential customers. If your business has yet to embrace social media and you want to know why it is...

Sharron Nelson
Sharron Nelson 29 February 2024
Read more
Five Ways to Gain Maximum Return on Your Videos

Five Ways to Gain Maximum Return on Your Videos

Without question, our collective appetite for video is fuelling more video-centric experiences online. Video’s ability to impart both emotional and practical information makes it a win-win for brands and consumers...

Juli Greenwood
Juli Greenwood 2 July 2024
Read more