This blog post is part of a series on Security for Startups. The full list of posts is shown below:
- Securing your Applications
- Securing your Cloud Infrastructure
- Securing your Employees
- Securing your Endpoints
- Securing your Office
As the world has moved to the cloud, a prevailing theory has taken hold that endpoints don’t matter. The thought process goes something like this: “Because applications and data are now hosted in the cloud, endpoints don’t host any critical or sensitive data, so I don’t need to worry about them as much anymore.” While it is correct that many of today’s applications are hosted in the cloud, the truth is that endpoints do matter, and they do host critical data. Often, end users will download data or save files on their machine. Why? Convenience accounts for some of it, and the fact that endpoint processing may be required is another reason. Here’s something else to think about: the data may need to be merged with other data to create a combined or new data set or document.
How to Startup Your Endpoint Security
We encourage startups to avoid falling into the trap of ignoring endpoints as part of their security strategy. With startup personnel being extremely busy and often without formal IT support, it is easy to skip endpoint management and security. The problem with this path is that a compromised endpoint can lead to compromised applications or cloud infrastructure, and that is where critical data is housed. It doesn’t have to be a difficult or time-consuming task to secure your endpoints, but the steps that you take now can go a long way toward helping you avoid a catastrophe.
Start with controlling who has access to your machines. Your users should have access, and you may want to have admin access so that you can also control the device if necessary. However, guest accounts and other accounts should be disabled to the extent that you can. The user’s password should be long and complex to increase the security of the device. Management of users can be easily accomplished through a Directory-as-a-Service® (DaaS) platform. A DaaS platform not only controls user access to other IT resources, including applications and the WiFi network, but it also enables IT admins to execute commands and tasks on the systems. Setting security policies is a good example of this capability.
The latest operating systems offer full-disk encryption to help protect the data located on endpoints. As we have discussed, it is highly likely that corporate data can be found on endpoints such as computers, laptops, and tablets. Therefore, device encryption is an important step to take in protecting valuable corporate data. Disk encryption is relatively simple to enable, and it is also user-friendly. The password to the device will toggle the disk encryption on or off, which underscores the importance of a complex password.
If possible, it is ideal to add multi-factor authentication to your devices. A complex password adds to the security of the endpoint, but adding MFA access to the endpoint raises it to another level. Directory-as-a-Service platforms are adding this capability for your ease. With DaaS, one solution may cover two of the key security tasks that you need to accomplish.
Unpatched files are one of the most significant vulnerabilities for any endpoint. The operating system is constantly being updated, as are some of the key applications that are used. This can cause some of the IT admins to struggle with keeping their endpoints up-to-date. A SaaS-based patching service, such as PatchSimple, can solve this in an easy and quick manner.
Anti-virus / Anti-malware
AV software should be installed on every device. There’s a reason that this security protocol has been an IT staple for many years. While AV software does not catch every issue, it does dramatically decrease the chances of an endpoint being compromised.
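The account, disk encryption, and patching steps above can be checked with a short script. The following is an added example, not part of the original post: it assumes macOS endpoints, the function names are hypothetical, and it covers only those three controls (not MFA or AV). Each check parses the text printed by a built-in macOS command.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): baseline audit for a macOS endpoint.
# Each check takes the text a real macOS command prints, so the parsing can be
# exercised on any machine with constructed samples.

# Input: output of `fdesetup status`.
check_disk_encryption() {
  case "$1" in
    "FileVault is On."*)  echo "PASS disk-encryption" ;;
    "FileVault is Off."*) echo "FAIL disk-encryption" ;;
    *)                    echo "UNKNOWN disk-encryption" ;;
  esac
}

# Input: output of `defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled`.
check_guest_account() {
  case "$1" in
    0) echo "PASS guest-account-disabled" ;;
    1) echo "FAIL guest-account-disabled" ;;
    *) echo "UNKNOWN guest-account-disabled" ;;   # key missing or unreadable
  esac
}

# Input: combined stdout/stderr of `softwareupdate -l`.
check_pending_updates() {
  case "$1" in
    *"No new software available"*) echo "PASS os-updates" ;;
    *"* "*)                        echo "FAIL os-updates" ;;   # at least one update listed
    *)                             echo "UNKNOWN os-updates" ;;
  esac
}

# Runs all three checks; prints one line per control plus a count of controls
# that did not pass (FAIL and UNKNOWN both count).
audit_endpoint() {
  local report
  report="$(check_disk_encryption "$1"; check_guest_account "$2"; check_pending_updates "$3")"
  printf '%s\n' "$report"
  printf 'not-passing=%s\n' "$(printf '%s\n' "$report" | grep -vc '^PASS' || true)"
}

# On a real Mac, feed the live command output into the audit.
if [ "$(uname -s)" = "Darwin" ] && [ "${1:-}" = "--run" ]; then
  audit_endpoint \
    "$(fdesetup status 2>&1)" \
    "$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>&1)" \
    "$(softwareupdate -l 2>&1)"
fi
```

Run it with `--run` on each Mac, or schedule it through whatever command-execution facility your directory or management platform provides, and treat any `not-passing` count above zero as a device to follow up on.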
Endpoints: A Key Player on the Security Team
Endpoints are a critical part of any organization. Unfortunately, they often go largely ignored in startups. The lack of resources and the belief that critical data doesn’t exist on endpoints leads to a greater chance of compromise. With some straightforward steps, an organization can dramatically increase the level of security of their endpoints.
You can find more information on Security for Startups in the video below, where we discuss the topic in the DevOps world. Additionally, check out our ebook that gives expert recommendations and best practices in DevSecOps.