The future of endpoint management [Q&A]
It's frequently the case that the weakest part of any business network is the endpoints used to access it, a problem that's only been exacerbated by the shift to remote working driven by the coronavirus pandemic.
What can businesses do to improve their endpoint management and keep their data secure? We spoke to senior technical product manager Richard Melick at cloud-based device management specialist Automox to find out.
BN: How has the shift to remote work affected IT and Security practices?
RM: When the work from home mandates were first announced, companies without remote work cultures were forced into a company-wide future of work experiment. At the start, there were notable laptop and device shortages because organizations had to make sure that their employees had the tools to do their jobs away from the office.
While no one was prepared for the global impact the pandemic would bring, those that don’t have the right infrastructure or processes in place to support remote work struggle when it comes to IT and security management. When you're only prepared to manage and secure on-premise devices and infrastructure, the organization loses an incredible amount of visibility into the devices in its environment, as well as the operating systems and applications running on those endpoints. With IT and Security teams in the dark on these IT fundamentals, important security practices are exponentially more difficult to carry out and the attack surface expands tremendously. Things like patch management, security configurations, and updates are next to impossible to execute at scale without putting additional workarounds and processes in place.
To put it simply, the impact has been tremendous and it has caused organizations of all sizes to reimagine what their IT and Security programs look like now and in the future. Business leaders now recognize that the future of work is remote, and they need to make the investments to support remote workforces from a general IT and security perspective. Those that don't adapt will have very large attack surfaces that might as well have a bullseye on them from an attacker’s perspective.
BN: What impact do new enterprise applications, like collaboration tools, have on enterprise security?
RM: One of the most positive outcomes from these WFH mandates has been how helpful collaboration applications have been in keeping employees in seamless contact and helping to establish remote work cultures. Without apps like Slack and Zoom, meetings and easy collaboration would be far more difficult, which is why organizations of all sizes rushed to implement these tools at the beginning of the pandemic if they didn’t already have them established in their environments.
However, it is vital that every business leader takes the steps necessary to ensure the speed of their unique digital transformation doesn't expand their attack surface and provide easy entry points for hackers to exploit. Every new technology and application, if not vetted properly from the point of implementation and updated regularly, can leave critical assets and devices vulnerable to attack.
For this reason, businesses should think about newly-deployed apps the same way they think about endpoints. Your security team wouldn’t hand you a new laptop without taking care of baseline security measures, so why would a new collaboration app be any different?
Having this mindset is pivotal to ensuring overall enterprise security, whether employees are remote or in the office.
BN: How does the increased usage of VPNs impact IT and Security teams?
RM: VPNs have been used by the majority of companies with the shift to remote work and the increased usage is justified. These are incredible tools for providing a security pipeline back to the organization.
However, they are simply not built to withstand entire workforces connecting to them, and many IT teams are being forced to deploy security patches and other updates through them. This can create serious bandwidth issues. For example, most Windows 10 patch packages are around 400MB in size, with some being significantly larger than that. For a small company with only 1,500 endpoints, this scales to 1 terabyte of data traversing a VPN. Even for small and midsized companies, this equates to gigabytes per second of bandwidth, which simply isn't sustainable.
To boil it down, VPNs are a long-term solution to enable employees to connect securely to the organization. But they’re only a short-term solution for a business's security patching, configuration and general IT needs. Organizations should weigh these short-term benefits against the long-term, more impactful ones that come with a digital transformation to the cloud. By making the strategic decision to embrace cloud-native tools, businesses can scale their IT and security processes across the organization with ease, whether employees are remote or not.
BN: What do IT and Security teams need to be successful in managing remote workforces?
RM: It sounds simple, but you can't manage or secure what you can’t see. For this reason, organizations need to provide IT and SecOps with real-time visibility into all enterprise endpoints, including the operating systems and applications running on each machine.
This way, IT has a clear picture of the systems, software, and apps that need to be updated, as well as those that are already taken care of. This task of inventory control eases the burden of IT teams by allowing them to focus on the areas that need it.
While realizing this source of truth can be difficult with employees remote, depending on a company's existing infrastructure and practices, the future of work points to remote workforces being a reality. So it's on businesses to take the steps necessary to achieve the visibility required to provide the best possible service to employees and do so in a manner that takes proper security into account.
BN: What does proper patch management look like for remote environments?
RM: Regardless of how many endpoints you have under management, the operating systems you’re running, or the third-party applications employees use to do their jobs, it is increasingly important that every company has the processes in place to ensure the security of its endpoints and ultimately its assets.
Research shows that adversaries are weaponizing new critical vulnerabilities within 7 days on average, and zero-day vulnerabilities are already weaponized at the moment of disclosure. Yet companies are known to take weeks, and in some cases months, to deploy patches.
Because of this, a 24/72 threshold for endpoint hardening should be the goal of every IT and SecOps team around the world. By eliminating zero-day exploits within 24 hours and other critical vulnerabilities within 72 hours, organizations prevent weaponization, better protect their assets, and ultimately reduce their exploitable attack surface.
Achieving this goal comes down to organizations taking the steps necessary to gain real-time visibility into their assets and having the right infrastructure to deploy updates and configurations in a timely manner. When these two requirements are met, businesses are able to most effectively protect their employee systems and the assets that are accessible through them.