Moving to the cloud? A look at enterprise security considerations
Of the technologies that saw a spike due to the pandemic, cloud-based services are experiencing a bump in enterprise sales. The enterprise previously had been trailing scrappy upstarts in terms of digital transformation, largely because of the complications associated with moving tens of thousands of endpoints into a new environment. With entire workforces shifting to work-from-home environments, though, movement to the cloud has become all but inevitable.
According to IDC, digital transformation in the enterprise has accelerated since the start of the pandemic as enterprises seek greater flexibility and cost efficiency. Yet, enterprise security teams are posing a slew of new questions to cloud vendors about the security of their offerings. Best case scenario, this adds time to an already lengthy buying cycle. Worst case, security practices and protocols can kill a contract.
To be clear, no enterprise wants to be held back from something that might help it innovate faster and more easily, with less money and fewer resources than it currently uses. In the current environment, however, enterprises are not going to take chances with their networks and user data. It’s just not worth it.
Today, a wide range of cloud-based services and applications can be integrated into a company’s IT environment, each with its own issues, vulnerabilities and strengths. It would be impossible to catalog them all, but there are some considerations enterprises should take into account as they seek out cloud vendors who prioritize security.
Industry standards and recommendations exist for a reason: to provide guidance and insight so that companies can build products and services the right way. Yet, standards are essentially the minimum companies should strive to hit. When it comes to building secure cloud-based architecture, vendors need to demonstrate that they’ve taken extra precautions and exceed industry recommendations so that you can feel confident purchasing their services. Take a look at the effort they put into going beyond the basics.
All or Nothing?
Enterprises are not just going to flip a switch and become full-cloud. Migration takes time and planning to do well. For this reason, flexibility is key. Clients may remain on-premises, off-premises over a VPN, or off-premises over the internet, depending on what an enterprise’s needs are and how their employees are set up.
Vendors with a type of cloud relay service as part of their architecture can make such adaptability not only secure but also easy. Clients and servers that belong to the same organization can exchange messages through the relay service, and servers can proactively send messages to their clients to support real-time functionality of tasks like pushing content, running a health check on endpoints, or executing endpoint detection and response (EDR) queries over the internet.
Securing the Flow of Communications
As data flows between systems, communications should also be secured using advanced signing algorithms. In an ideal world, as mentioned previously, certificates would exceed the recommendations for HTTPS, SSL and TLS as well as the FIPS 240-2 standards. For example, a vendor could use 2048-bit Elliptic Curve DSA certificates with AES256 CBC and SHA512 signing. Trust could be established between the vendor’s and the enterprise’s respective environments once a unique, single-use activation code is generated for users. With the code, the vendor’s server would initiate a secure key exchange protocol with the cloud relay service that ultimately results in an automatically issued certificate.
Such a design ensures that enterprises don’t need to set up, configure or maintain certificate distribution infrastructures, as all clients get their certificates immediately. Additionally, with a design like this, human involvement, and therefore errors or failures, can also be eliminated. Internet-facing communications would use the same message format and security mechanisms.
This is one setup, but of course there are other options.
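The single-use activation code step described above, sketched as an added example (not code from the article or from any vendor): the relay side keeps only a hash of each code, consumes it on first use, and rejects replayed, expired or unknown codes. The class name, the 15-minute lifetime and the enrollment record are assumptions, and the certificate signing that would follow a successful redemption is left out.

```python
import hashlib
import secrets
import time

CODE_TTL_SECONDS = 15 * 60  # assumed validity window, not a value from the article


class ActivationCodes:
    """Hypothetical relay-side store for single-use activation codes."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # sha256(code) -> (org_id, expiry timestamp)

    def issue(self, org_id):
        code = secrets.token_urlsafe(24)  # 24 random bytes, unguessable
        digest = hashlib.sha256(code.encode()).hexdigest()
        self._pending[digest] = (org_id, self._clock() + CODE_TTL_SECONDS)
        return code  # handed out once; only the hash is stored

    def redeem(self, code, public_key_der):
        """Return an enrollment record for a valid code, otherwise None."""
        digest = hashlib.sha256(code.encode()).hexdigest()
        # pop() consumes the code on first presentation, so a replay finds nothing
        entry = self._pending.pop(digest, None)
        if entry is None:
            return None
        org_id, expiry = entry
        if self._clock() > expiry:
            return None
        # Bind the enrollment to the presented key; a CA would sign over this.
        fingerprint = hashlib.sha256(public_key_der).hexdigest()
        return {"org_id": org_id, "key_fingerprint": fingerprint}


def demo():
    now = [1_000_000.0]  # constructed clock so expiry can be exercised offline
    store = ActivationCodes(clock=lambda: now[0])
    key = b"constructed-public-key-bytes"  # placeholder, not a real key
    code = store.issue("org-a")
    first = store.redeem(code, key)
    replay = store.redeem(code, key)
    stale = store.issue("org-a")
    now[0] += CODE_TTL_SECONDS + 1
    expired = store.redeem(stale, key)
    guess = store.redeem("not-a-real-code", key)
    return first, replay, expired, guess
```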
In It to Win It
But beyond all of the technical specifications and possibilities, one thing that is vitally important in successfully and securely executing digital transformation is finding a vendor that is also a partner. By this I mean a company that takes the time to understand your unique circumstances, operations, issues and concerns, a company that will work with you and support you and your team well after a contract is signed. This is not always easy to identify within the sales process, which is why it is important to talk with references. In this day and age, it’s not enough to take a vendor’s word for it or to complete a test; you should learn from those who actually use the product or service you are considering.
A true partner has a vested interest in ensuring your enterprise’s success. They also don’t want to skimp on security protocols as that will come back to hurt them in the event of an incident. Look for the vendors that are willing to stand up with you; look for a design that has been battle tested. With the right vendors in place, the move to the cloud can be seamless, enabling you to recognize the benefits you seek.
Dan Richings joined Adaptiva in early 2015 as director of customer experience and was the first Adaptiva employee in Europe. He helped to quickly build Adaptiva’s business in Europe, has held numerous positions within the company, and as senior vice president of product management, For more information on Adaptiva, a leading, global provider of endpoint management and security solutions for enterprise customers, please visit https://adaptiva.com/, and follow the company on LinkedIn, Facebook and Twitter.