The image of the Cloud and cloud computing has long been synonymous with something quite ethereal, soft and, yes, like a cloud, up there somewhat separate from the reality of modern business. This has changed dramatically over the last 18 months, and we are now quite clearly in an age of cloud computing that is as real as the keyboards used to add, use and compute data on these platforms.
The change in business operations and the likelihood of the remote working phenomenon growing and expanding into the next decade, will only mean that cloud computing is here to stay. With this comes increased risks and the number of ways the modern business can be affected by fraud and criminal activity in this space.
The most significant change to web security has been the number of access points for attacks that now exist. The aim of cloud computing has been realized and the ease of access from anywhere is phenomenal, which has brought with it a myriad of access points and endpoints.
This increase of endpoints such as desktops, laptops, mobile devices, Internet of things devices, smart watches and digital assistants also brings with it an upsurge in the number of attacks from these various points. It is thus one of the key aspects of any cloud security strategy and is arguably one of the most important layers of cloud security.
Thus, one of the keys to this protection is endpoint detection and response, or, as it is more commonly known, EDR .
Key components of EDR
As aforementioned the number of endpoints is skyrocketing and it is noted that an average US IT team will deal with anything between 5000 and 500000 endpoints, with each of these having the potential to be an entry into your system by anyone.
The EDR security strategy must thus create a space to store, analyze and create a speedy response to threats in a real time situation. This can generally be broken into three components each of which must be included to ensure that your business data is secure, yet you and your team can access the data when and as you need it, at any time and from any place. The system must also be able to accommodate access by clients and customers, and be a secure set up on a 24/7 365-day basis.
Each endpoint security strategy will vary greatly based on the specific needs and anticipated usage. It can be a purpose-built tool to prevent a specific attack or part of a much bigger security system, as well as a conglomeration of smaller security protocols to manage and control access at the endpoint.
Endpoint collection
This is the collection of data as to the usage from each of the endpoints that have accessed your network. Some of this is the required data, which you will also be able to adjust and inform as to what should be collected depending on the service provider that you go with.
The device and hardware data are essential and needed for the start-up process and linkages, but can also be used as a security check, in that only known devices can be allowed access to certain data or segments of your data center. Yet usage information and data accessed analytics can be added and adjusted, depending on what you need to collect and what you are trying to protect against.
Be mindful that certain platforms will allow your users or administrators to disable various collection processes, and it is also common knowledge that cyber criminals are able to mask their hardware and login information. As such, this is but one component of the process and must be monitored and upgraded constantly in real time.
Automated responses
The security protocol must be able to recognize all security breaches and be able to produce an automated response. These include logging off the user or alerting a staff member as to the breach. This must, for obvious reasons, be immediate and consistent.
Analytics and information
The system must be able to gather, store and analyze data as to usage, as well as the various threats that exist. This will allow for rapid threat diagnosis in real time.
The need for the modern businessperson to become well versed in cloud ‘speak’ and understand the technological advancements is clear. We are all being driven to use cloud technologies if we wish to compete on a level global playing field and as such must, as a matter of urgency, begin to create clear and current understandings within our businesses as to what this will mean from a security standpoint.
The move to remote and off-grid work is expected to continue to grow and as such one of the key aspects of business risk will be encountered in the accessing, sharing and integrated nature of cloud computing.
Interesting related article: “What is Cybersecurity?“