Pic: Julie Kirby
The evolution of IT infrastructure platforms has allowed businesses and their employees to meet their application workload and data needs, particularly over the past two challenging years. After the initial rush to the cloud, and the subsequent moves between public and private clouds, organisations are now opting for a hybrid IT approach that lets them split workloads across a combination of on-premises and cloud platforms.
When it comes to security, hybrid cloud ties security policies to the applications employees use and enforces compliance mandates so that data held in the cloud is protected. In an on-premises environment, data sits within the corporate network perimeter. The gaps appear when the endpoints themselves, whether laptops, mobile phones, IoT devices or desktop PCs, are not secure: a compromised device gives an attacker a foothold that puts the entire hybrid IT environment at risk, however well the cloud and network layers are defended.
The threat of keylogging
Endpoints are the entry point of choice for attackers, and the keyboard and screen are where sensitive data is most easily captured: everything a user types, and everything an application displays, passes through them in the clear. This is why one of the biggest threats to hybrid IT infrastructure is keylogging malware, which records keystrokes as they are entered.
Kernel-level keyloggers in particular are built to evade standard anti-virus products. They install themselves as drivers or filter components that sit below user-mode security hooks and intercept keystrokes as the operating system processes them, so the capture happens before any application, browser or anti-virus agent sees the input. The value for the attacker lies in the passwords, authentication details and other sensitive data harvested this way, which are put to use later.
Screen-grabbing malware does a similar job on the other side of the interaction, monitoring what appears on the display and capturing images when particular events occur, such as a mouse click or a window coming into focus. The captured images are sent covertly to the attacker's command-and-control server, where anything visible in them is read off. Organisations commonly advise employees to use two-factor authentication, choose complex passwords and change them regularly, but none of that helps here: if screen capture can be executed, everything shown within applications, as well as everything entered at the keyboard, is exposed regardless of how strong the credentials are.
Data is, of course, also exposed while in transit from the endpoint to the cloud, where a man-in-the-middle attack could intercept it. That risk is relatively low as long as transport encryption such as TLS is used and certificate validation is not disabled. Once data reaches the cloud for processing or storage, however, it can be targeted by cloud-focused attacks such as APTs (advanced persistent threats): sophisticated, long-running campaigns in which an attacker who has gained a foothold searches and moves laterally through cloud storage and services, setting up data exfiltration or denial of service. DDoS attacks are also common and frequently make headlines, but the defences against them are well developed and well documented.
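As an added illustration of how a defender can look for the kind of kernel-level keylogger described above (this is an example written for this article, not the vendor's product or any code from the original), the Python below scans constructed Windows event records shaped like Sysmon Event ID 6 (DriverLoad) and System log Event ID 7045 (a new service installed) and flags driver loads that are unsigned, carry a revoked or otherwise invalid signature, or come from a user-writable or non-standard directory. The events, paths, service names and timestamps are invented for the example; the field names follow the two event types, but the records are not real telemetry.

```python
"""Flag suspicious kernel driver loads in Windows event data.

Constructed sample events (not real telemetry), shaped like Sysmon Event ID 6
(DriverLoad) and Windows System log Event ID 7045 (service installed), so the
check runs offline. Field names follow those two event types.
"""
import json
import re
from typing import Dict, List

# Constructed sample log in JSON-lines form: one benign driver load, three
# loads that should be flagged for different reasons, and one user-mode service
# that the check must ignore. Paths, names and times are invented.
SAMPLE_LOG = r"""
{"EventID": 6, "UtcTime": "2023-04-11 08:01:12.101", "ImageLoaded": "C:\\Windows\\System32\\drivers\\kbdclass.sys", "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"}
{"EventID": 6, "UtcTime": "2023-04-11 08:03:40.522", "ImageLoaded": "C:\\Users\\jkirby\\AppData\\Local\\Temp\\kbdflt.sys", "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"}
{"EventID": 6, "UtcTime": "2023-04-11 08:03:41.007", "ImageLoaded": "C:\\ProgramData\\Update\\kbfilter.sys", "Signed": "true", "Signature": "Example Corp Ltd", "SignatureStatus": "Revoked"}
{"EventID": 7045, "UtcTime": "2023-04-11 08:03:41.010", "ServiceName": "KbdFilter", "ImagePath": "\\??\\C:\\ProgramData\\Update\\kbfilter.sys", "ServiceType": "kernel mode driver", "StartType": "auto start"}
{"EventID": 7045, "UtcTime": "2023-04-11 08:05:02.330", "ServiceName": "Sense", "ImagePath": "\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\MsSense.exe\"", "ServiceType": "user mode service", "StartType": "demand start"}
{"EventID": 6, "UtcTime": "2023-04-11 08:09:55.800", "ImageLoaded": "C:\\Tools\\kbdhook.sys", "Signed": "true", "Signature": "Example Corp Ltd", "SignatureStatus": "Valid"}
"""
SAMPLE_EVENTS: List[Dict] = [json.loads(line) for line in SAMPLE_LOG.strip().splitlines()]

# Drivers normally load from under System32 (drivers\ and DriverStore\ included).
TRUSTED_DRIVER_DIRS = ("c:\\windows\\system32\\",)
# Locations an ordinary user can write to: a driver here is a strong signal.
USER_WRITABLE = re.compile(r"^c:\\(users|programdata|temp|windows\\temp)\\", re.I)


def normalise_path(path: str) -> str:
    # 7045 ImagePath values arrive as "\??\C:\...", "\SystemRoot\..." or
    # "system32\..." and may be quoted; Sysmon ImageLoaded is a full path.
    p = path.strip().strip('"')
    p = re.sub(r"^\\\?\?\\", "", p)
    p = re.sub(r"^\\SystemRoot\\", "C:\\\\Windows\\\\", p, flags=re.I)
    p = re.sub(r"^system32\\", "C:\\\\Windows\\\\System32\\\\", p, flags=re.I)
    return p.lower()


def analyse_event(ev: Dict) -> List[str]:
    """Return the reasons (possibly none) this event deserves attention."""
    reasons: List[str] = []
    eid = ev.get("EventID")
    if eid == 6:  # Sysmon DriverLoad: check the signature first
        path = normalise_path(ev["ImageLoaded"])
        if str(ev.get("Signed", "")).lower() != "true":
            reasons.append("unsigned driver")
        elif ev.get("SignatureStatus") != "Valid":
            reasons.append(f"signature status {ev.get('SignatureStatus')}")
    elif eid == 7045 and "kernel" in str(ev.get("ServiceType", "")).lower():
        path = normalise_path(ev["ImagePath"])  # kernel driver registered as a service
    else:
        return reasons  # not a driver load; user-mode services are out of scope here
    # Then look at where the driver image lives.
    if USER_WRITABLE.match(path):
        reasons.append("driver image in user-writable location")
    elif not path.startswith(TRUSTED_DRIVER_DIRS):
        reasons.append("driver image outside standard driver directories")
    return reasons


def scan(events: List[Dict]) -> List[Dict]:
    """Run analyse_event over a batch and collect the flagged loads."""
    findings = []
    for ev in events:
        reasons = analyse_event(ev)
        if reasons:
            findings.append({
                "time": ev.get("UtcTime"),
                "event_id": ev["EventID"],
                "image": normalise_path(ev.get("ImageLoaded") or ev.get("ImagePath", "")),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f['time']}  EID {f['event_id']}  {f['image']}  ->  {', '.join(f['reasons'])}")
```

Run against the sample it reports four of the six records: the unsigned driver in a user's Temp folder, the revoked-signature driver in ProgramData, the 7045 service that registers that same file as a kernel driver, and a validly signed driver loaded from an unusual directory. Its limits are the article's point: a keylogger that runs entirely in user mode, for instance via a SetWindowsHookEx keyboard hook or by polling key state, never loads a driver and does not appear here, and a driver signed with a stolen certificate and dropped into the standard directory passes every rule.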
The risk of compromise
Organisations whose infrastructure spans public and private clouds and on-premises systems have used different combinations of solutions to secure their data. Standard anti-virus software, endpoint detection and response, virtual desktops and two-factor authentication are commonly used, but none of them can stop data being captured if the endpoint itself is compromised: anti-virus and EDR must first recognise the malware, a virtual desktop still receives its keystrokes from the physical device, and a one-time code is just another value to be typed or displayed.
In addition, security teams lack a cohesive view across their virtualised and physical infrastructure, which makes it even harder to assess where the risk lies as employees access applications from a wide range of devices, both remotely and within the corporate perimeter.
Protecting the endpoint
The solution to the problem of vulnerable endpoints is to create seamless micro-environments in which applications can run on any platform with the data they handle protected and the device kept safe. Organisations adopting hybrid IT benefit from solutions that place each application in a secure container and manage protection across every platform from a single pane of glass. Data entered at the endpoint is 'wrapped' as it is entered, so that it cannot be read or intercepted before it reaches the cloud server or the network, and without the defence having to identify the threat or its origin first. This gives users and organisations a level of protection that integrates readily across the hybrid IT environment and, as the approach is adopted more widely, will become an essential element of the enterprise security stack.