Zero-Trust Security Beyond Online Identities

It’s every working parent’s nightmare. You’re in a busy airport with your company laptop and a child who desperately needs a snack. You turn your head for just a minute to dig for a snack, but when you turn back, your laptop bag is gone.

Luckily, you remember your recent cybersecurity training and call your company’s service desk immediately. As soon as the service desk verifies your identity, they wipe all your company’s valuable information from every app on the device.

This potential tragedy was avoided because your organization’s Zero-Trust Security framework has begun protecting endpoints, as well as online identities.

What Is Endpoint Protection?

Tools such as multifactor authentication (MFA) are great for protecting online identities because they add a security layer on top of your traditional username and password. However, protecting endpoints—your desktop PC, Mac, smartphone, laptop or tablet, for example—means using tools like patches, updated antivirus software and group policies to safeguard every place you send or receive digital data.

Historically, organizations secured endpoints by choosing vendors and installing their software on server infrastructure within the organization’s data center. Back then, employees did not need to access company resources outside of that network. But today, vendor applications have moved outside of these “safe” organizational environments to all those remote endpoints.

The Software as a Service (SaaS) model has smoothed the transition by making it easier to update vendor software. But with today’s much greater need to access work data online—and the staggering growth in apps employees can easily access—organizations need to step up their endpoint security game.

The problem now is that you need to check every endpoint used by every employee, even if your organization has thousands, tens of thousands, or more employees around the world. How can you do that?

That’s where endpoint protection tools come in.

How Endpoint Protection Tools Protect You

Many endpoint management tools can automate the process of checking each endpoint against an organization’s list of approved apps, security policies, and more. The goal of these tools is to determine whether each endpoint is compliant with every factor on the list. Company policies guide those factors.

For example, you can configure endpoint protection tools such as Microsoft Intune to verify that a device is encrypted with a tool like BitLocker; that it meets minimum operating system requirements; that all passwords are sufficiently complex and recently changed; and that the user has installed all required firewall, antivirus, and antimalware software.

In other words, these protection tools can automate the process of identifying endpoints that are not compliant with your company’s policies and notifying their owners of the actions to take. Once owners have made the modifications, the tools can again automatically notify owners, mark the endpoints compliant, and return them to service.
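The compliance check and owner notification described above, sketched as an added example (not from the original article and not Intune's API). The policy thresholds, the `Device` fields and the sample fleet are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
# Hypothetical policy values (assumptions, not settings from any product).
POLICY = {"min_os": (10, 0, 19045), "max_password_age_days": 90,
          "required_software": {"firewall", "antivirus", "antimalware"}}

@dataclass
class Device:
    name: str
    owner: str
    encrypted: bool
    os_version: str            # dotted, e.g. "10.0.19045"
    password_changed: date
    software: set

def parse_version(text):
    """Compare numerically: as strings, '10.0.9200' sorts above '10.0.19045'."""
    return tuple(int(part) for part in text.split("."))

def evaluate(device, today, policy=POLICY):
    """Return required actions; an empty list means the device is compliant."""
    findings = []
    if not device.encrypted:
        findings.append("enable disk encryption")
    if parse_version(device.os_version) < policy["min_os"]:
        findings.append("update operating system")
    if (today - device.password_changed).days > policy["max_password_age_days"]:
        findings.append("change password")
    missing = sorted(policy["required_software"] - device.software)
    return findings + [f"install {item}" for item in missing]

def triage(devices, today):
    """Split a fleet into compliant device names and per-owner notices."""
    compliant, notices = [], {}
    for device in devices:
        findings = evaluate(device, today)
        if not findings:
            compliant.append(device.name)
        for finding in findings:
            notices.setdefault(device.owner, []).append(f"{device.name}: {finding}")
    return compliant, notices

TODAY = date(2024, 6, 1)  # constructed evaluation date
FLEET = [  # constructed sample fleet
    Device("laptop-01", "ana", True, "10.0.19045", date(2024, 5, 1),
           {"firewall", "antivirus", "antimalware"}),
    Device("laptop-02", "ben", False, "10.0.9200", date(2023, 12, 1), {"firewall"}),
]
print(triage(FLEET, TODAY))
```

Re-running `evaluate` after the owner has made the changes is what moves a device back into the compliant list.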

The result: secure endpoints that allow today’s employees to meet their need to work safely on any device, from wherever they go.

In addition, tools such as Microsoft Intune can prevent endpoint users from copying and pasting information from company apps to personal apps installed on the endpoint. This feature allows businesses to stop buying company cell phones. Instead, the tool secures company apps on personal endpoints through policy metrics. If the employee’s personal endpoint doesn’t have the latest manufacturer security updates, the tool prevents them from installing or using company apps and data on their device.

The Next Steps—Application Security and Beyond

Secure endpoints are an important tool in your cybersecurity armory, but Zero-Trust Security’s goal is to provide a more holistic view of your organization’s security to keep ahead of bad actors’ constantly changing attack methods.

That means you also must secure identities, endpoints, apps, data, infrastructure, and network signals. I recommend a top-to-bottom Zero-Trust Security Assessment to ensure every potential vulnerability is locked down.

Joshua Garrett is a Senior Security Architect for Centric Consulting’s Enterprise Collaboration team, responsible for protecting clients’ data and other digital assets. He has more than 20 years of experience aligning people, processes, and technology to securely meet all stakeholders’ strategic goals.
