Deploy, warn, and report on those things in terms of cloud security

Businesses using Cloud Endpoint Security Services not only reduced their Total Cost of Ownership (TCO) but also played a significant role in eliminating the need to deploy and provision internal management servers. Unfortunately, however, some cloud-based offerings offer only relatively primitive, limited capabilities that do not benefit the TCO on the contrary, and instead only skew the TCO. When assessing cloud-based endpoint security services, take a holistic view and do not assume that the capabilities in a cloud service are the same as those in an in-house product.

A comparison of cloud-based security capabilities in this article based on cloud point-of-service capabilities assessments related to deployment, warnings, and reporting stems from the recent experience of the Tolly Group building prototype deployments based on the services provided by the five leading cloud security vendors.

Deployment features

Whether endpoint security involves an entire area or just a few new users, flexibility and ease of deployment are ideal requirements. While the management system covers the entire enterprise environment, the cloud-based security service is similar, but the deployment process is bound to change. While one implementation is a one-time task by definition, it is also a huge workload for large installations, so careful and thorough checking of installation tasks is also necessary.

The fundamental difference between traditional endpoint deployment and cloud-based endpoint deployment is that if you are using a cloud-based product, the endpoint is on an internal, private network and the management server is on a public external network. Because enterprise endpoints are certainly behind the firewall (and almost certainly use a private IP address space), the communication between the server and the clients it manages must be initiated by the client.

Cloud Endpoint Security Considerations: Deployment, Warning, and Reporting

Our research covers the three main deployments currently in use: package installation, installation through URL download software, and gateway machines. The first two methods are initiated by the client and "pulled" the required proxy and endpoint security files from the server. A third-party approach is to "push" the agent and related software (through a gateway system located within the firewall) from the server to the client.

So, at a minimum, cloud-based deployments require at least a "pull" installation of an endpoint client, even though the vendor offers an automated "push" option because "push" installation requires a local computer to act as a " External "cloud management server to the" Internal "target client. However, in our assessment, only one of the five products we selected provided a "push" option. The easiest way to install an endpoint proxy is to e-mail the installation URL to the endpoint user using the management console. (The URLs and installers used in the "push" method are both encoded using the client company's cloud security ID, which automatically associates the client with the customer's cloud computing security management server.)

The "push" system allows the installation to proceed without user interaction. You can log in to the endpoint by identifying the target machine with the name and IP address displayed on the management console and then providing the credentials for automatic installation to use.

Cloud Endpoint Security Warning

Once installed, the next step is the warning feature, which gives administrators immediate visibility into potential security issues. In addition to displaying warnings on the product's management console, most cloud-based endpoint security products enable email and / or SMS alerts.

Typical warning conditions include threat detection, blocking URL detection, outdated virus definitions, X days without scanning, and so on. Surprisingly, we found that some services provided only limited or no support at all for warnings. In addition to real-time analysis, security administrators must rely on reports.

Warnings are an important feature that administrators can not keep around the clock around the clock, and organizations should not only ensure that they have the feature in the service of their choice, but also make sure the feature is up and running.

Cloud Endpoint Security Report

The requirements of the report should be fairly predictable. Security administrators typically need a checklist of threat detection, jammed devices, attempted access to controlled outreach, and more. Therefore, it is very surprising that three of the five services participating in this assessment did not provide any of the predefined reports. Although it is not a burdensome burden to generate these reports manually, the fact that these major players do not have their developers devoted time into these basic reports reflects the general lack of depth of functionality in many products.

Before implementing, be sure to carefully define the warning and reporting requirements. Are these existing endpoint security reports to be provided by the new system? Are new or additional reports necessary? What are their purpose? To answer these questions briefly, provide them with forward-looking cloud point security vendors and ask them Whether you can generate these reports for you, of course, is best without any additional costs.

About the Author:

Kevin Tolly is the founder of Tolly Group, an industry leader in third-party verification / testing services with over 20 years of history. Read more about Tolly Group at http://www.tolly.com.

【Editor's Choice】

Multiple Security Insights for Cloud Computing Security: Cloud Security Risks Lurk in the Big Data Project Private PaaS Rescues Corporate Governance and Cloud Security [Editor's Choice: Xiao Yun TEL: (010) 68476606]