Cloud and End Points and Security

So…a question that often throws me for a loop is this:

Internet cloud web “If ‘I’ move to the cloud I don’t have to worry about security at my client end point, right?”…

err… no that’s not right.

But, “why”, I hear you ask?

Well of course if you go to a reputable cloud service provider they will apply security updates to the servers that provide you services as commercial providers of services they will keep those servers up to date, and hardened to deal with attack utilise defence in depth, etc…

But the end-point; the thing that accesses the actual data, mail or services; still needs to be kept up to date; as much as it does in a non-cloud scenario, that’s still ‘your’ responsibility as an IT professional  for your environment, you still need to manage it.  Malware will still be able to take data from these devices using un-patched vulnerabilities; using the privileges of the user.

Do we have to do less work keeping things up to date?  Well yes it does, for those servers that you no longer manage and have moved to the cloud they will be updated by the service supplier in a SaaS and PaaS models.  In the IaaS model, the user is still responsible for managing the patching of the guest operating system, whatever it is.

Of course you could always move the management of the endpoint to the cloud using a service like Windows InTune.

In summary; moving to the cloud doesn’t mean you can just “stop” updating your end points, depending on the model of cloud service you adopt you may be able to stop patching some of your servers.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: