
Shifting SecOps from the Data Center to Endpoint Security


Cory Ranschau

Manager, Senior, Information Security

There’s no such thing as the network perimeter anymore. Everyone is remote. Apps are accessed through the cloud. And devices are connecting to data center applications and Software as a Service (SaaS) platforms over unprotected residential and public WiFi connections. Yet organizations still need to protect vulnerable endpoints that face increasingly sophisticated cybersecurity and insider threats.

Unfortunately, because of these changes, security teams can no longer rely solely on traditional infrastructure like network firewalls and proxies to secure their environments. As people work off network, it is far too easy for security teams to lose visibility into what users are doing on their endpoints. This issue may sound simple, but it’s not a quick fix for many security teams.

Here are three ways to lay the groundwork for regaining visibility into distributed endpoints without disrupting operations. 

1. Focus on endpoints 

Earlier this spring, my colleague Nathan Hunstad commented that remote work will continue even as some companies start to move back into the office. “[This will make] traditional perimeter security tools, like web proxies, firewalls and network-based IDS less valuable. Visibility into the endpoint and user activities on the endpoints, wherever they are located, is much more valuable now.” At the same time, Gartner says cloud security is expected to increase 33 percent while on-premises security, including network security equipment, is projected to drop 12 percent year over year. Companies are realizing that a permanently distributed workforce will require a different approach to security, one that relies on the ubiquitous, infinitely scalable cloud to gain visibility into endpoints.

2. Move to the cloud 

Given the changes in the way we work, it’s becoming more apparent that security teams should get rid of any tools that rely on the user’s physical presence to manage the environment, including patching. Cloud services make it easier for workers to access files and collaborate outside of the confines of an office, and these tools can help simplify the management of endpoints, as well. Code42’s continual shift to cloud tools was especially helpful when we started working remotely earlier this year. 

3. Simplify the environment  

Agent health is a big deal, and it is not easy to manage. There is no one solution because each environment is unique, and SecOps teams need to be prepared to piece together their approaches. At Code42, we’ve gone through our own journey, evolving how we secure our users’ endpoints. It all starts with simplifying the environment. SecOps teams can do this by creating and maintaining an accurate inventory of assets deployed to end users and by matching that list of active endpoints against each agent-based or cloud-based security product.
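
One way to do the matching described above, as an added example that is not Code42's own tooling: a reconciliation that reports, per security product, which inventoried endpoints have no agent, which have an agent that has stopped checking in, and which reporting hosts are not in the inventory. The hostnames, product names, dates and the 7-day staleness threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

def norm(host):
    """Compare on the lowercase short name: consoles disagree on case and FQDN."""
    return host.strip().lower().split(".")[0]

def reconcile(inventory, agent_reports, now, max_age=timedelta(days=7)):
    """Return per-product coverage gaps.

    inventory: hostnames of assets deployed to end users.
    agent_reports: {product: {hostname: last check-in datetime}}.
    """
    expected = {norm(h) for h in inventory}
    gaps = {}
    for product, seen in agent_reports.items():
        last = {}
        for host, ts in seen.items():
            key = norm(host)
            # Keep the most recent check-in if a host is listed twice.
            if key not in last or ts > last[key]:
                last[key] = ts
        have = set(last)
        gaps[product] = {
            "missing": sorted(expected - have),   # asset with no agent
            "stale": sorted(h for h in expected & have
                            if now - last[h] > max_age),  # agent went quiet
            "unknown": sorted(have - expected),   # agent on untracked host
        }
    return gaps

# Constructed sample data (assumed names; threshold of 7 days is an assumption).
NOW = datetime(2020, 9, 1, tzinfo=timezone.utc)
INVENTORY = ["LT-0001", "LT-0002", "LT-0003", "LT-0004"]
REPORTS = {
    "edr": {
        "lt-0001.corp.example": NOW - timedelta(hours=2),
        "LT-0002": NOW - timedelta(days=30),
        "lt-0003": NOW - timedelta(days=1),
        "byod-7": NOW - timedelta(hours=5),
    },
    "backup": {
        "LT-0001": NOW - timedelta(days=1),
        "LT-0002": NOW - timedelta(days=2),
        "LT-0003": NOW - timedelta(days=3),
        "LT-0004": NOW - timedelta(days=9),
    },
}

if __name__ == "__main__":
    for product, g in reconcile(INVENTORY, REPORTS, NOW).items():
        print(product, g)
```

In practice the inventory and the per-product check-in lists would come from exports of the asset system and each product's console.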

The New Normal has forced SecOps to pivot away from data center tools to a new approach focused on gaining visibility into distributed and mobile endpoints. Over the coming weeks, we’ll continue to share best practices for how we are attempting to solve this within our organization.


Cory Ranschau, CSSP, GSEC, is the Senior Manager of Information Security for Code42. Cory’s 15+ years of experience in both the IT and Security Infrastructure fields have focused on delivering scalable, secure infrastructure.