ThinScale has worked with multiple customers to set up their endpoint security policies. In our experience, these key practices should be observed by any IT security team focused on endpoints.
Secure your IT Management
- Access control
When deploying your endpoint security with authentication and MFA in place, it is easy to forget that this should also be done for IT management. This is to avoid unauthorized personnel accessing administrative controls over the endpoint environment. As with an end user with MFA on their endpoint, it is an added layer of security that will help protect against internal and external threats. MFA and user authorization will even help against accidental credential leakage.
- Administrator auditing
Due to the level of impact an individual with administrative control over an organization’s endpoint management can have on security, IT must keep track of all activities performed by IT management, through real-time analytics or auditing. It is important to monitor not only actions, but also changes in permissions for roles. This provides a deterrent to any individuals internally who wish to leak data, and a historical view of what actions occurred for easier remediation.
- Permission restriction
It is best practice to ensure that not every member of the IT team has full privileges over the entire endpoint estate. Complete control should be held by a handful of people, and other members of the IT team should have just enough permissions to perform their role (a key principle of zero-trust, which most enforce on the endpoint, and of many compliance standards such as GDPR). If an IT admin is only in charge of one division of endpoints, there is no reason they should be able to access or even see any other divisions.
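As an added example (not ThinScale's code or any product's API), the review described under "Administrator auditing" and "Permission restriction" can be implemented as a pass over admin audit records that flags role-permission changes and actions outside an admin's assigned division. The JSON-lines record format, the action names and the admin-to-division map are constructed assumptions.

```python
import json

# Constructed sample: admin -> divisions they manage ("*" = full control,
# which the text above reserves for a handful of people).
ADMIN_SCOPE = {
    "alice": {"*"},
    "bob": {"sales"},
    "carol": {"support"},
}

# Constructed audit records in a hypothetical JSON-lines format.
AUDIT_LOG = """\
{"ts": "2024-05-01T09:00:00Z", "actor": "bob", "action": "policy.update", "division": "sales"}
{"ts": "2024-05-01T09:05:00Z", "actor": "bob", "action": "device.view", "division": "support"}
{"ts": "2024-05-01T09:10:00Z", "actor": "carol", "action": "role.permission.add", "division": "support"}
{"ts": "2024-05-01T09:15:00Z", "actor": "alice", "action": "device.wipe", "division": "sales"}
{"ts": "2024-05-01T09:20:00Z", "actor": "dave", "action": "policy.update", "division": "sales"}
"""


def review(log_text, scope):
    """Return (timestamp, actor, finding) tuples for records needing review."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        actor, action = rec["actor"], rec["action"]
        allowed = scope.get(actor)
        if allowed is None:
            # An actor with no assigned scope should not appear in admin logs.
            findings.append((rec["ts"], actor, "unknown-admin"))
            continue
        if "*" not in allowed and rec.get("division") not in allowed:
            # Admin touched (or merely viewed) a division they do not manage.
            findings.append((rec["ts"], actor, "out-of-scope"))
        if action.startswith("role."):
            # Permission changes for roles are always surfaced for review.
            findings.append((rec["ts"], actor, "role-permission-change"))
    return findings


if __name__ == "__main__":
    for ts, actor, finding in review(AUDIT_LOG, ADMIN_SCOPE):
        print(f"{ts} {actor}: {finding}")
```

A record can produce two findings, for example a role change made in a division the admin does not manage.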
Secure your Endpoints
- Access control
A fundamental issue in endpoint security, especially since the advent of remote working, is ensuring that those accessing confidential workspaces and resources are approved employees. This is why it is important to enforce authorization. As with IT management, MFA is also a vital layer of defense, especially in remote working situations where device theft is more likely.
- Workspace isolation
An absolute must for any IT team is the isolation of the workspace from any unsecured computing component. Whether that be through hardware or software, the employee workspace should be its own entity managed by IT. This, however, is more than just deploying a VDI, or remotely installing apps. Truly effective workspace isolation requires everything non-essential to be locked down and controlled, following the zero-trust principles of least privilege access and breach assumption.
- Leakage control
Data leakage is a vital area of endpoint security. Data can be leaked in a multitude of ways, such as credential leakage, leakage through USB, keylogging malware, device loss, and even through a mobile phone camera! Drive control, write filtering, USB blocking, application & service control, and even watermarking are all methods of data leakage prevention.
- Routine validation
Endpoints are constantly being updated, but the modern decentralized workforce makes it hard to ensure devices remain compliant with current company security standards. This is why it is so important to perform routine checks on all endpoints across your environment to make sure they still meet security standards (patched OS, antivirus present, firewall secure, applications up to date, etc.).
In our experience, these practices around IT management and endpoints go a long way in ensuring secure deployments. However, each deployment is different and may require different practices to be implemented. If you are looking for a flexible endpoint security solution that can provide all of the above and much more, get in touch with one of our team below!