This brings me to the primary point of this article: the importance of an endpoint management solution that can secure endpoints regardless of enterprise premises boundaries. In essence, our objective should be to manage and patch all endpoints (laptops, tablets, smartphones) wherever they are on the internet, whether connected via a remote access solution or on premises, as quickly and accurately as possible. This is a significantly different model from the one in use in many enterprises, where the commonly used security model has been a very hard external perimeter that resists exposing services externally (and relies solely on external endpoints connecting in remotely for any service).
I’m convinced that as these two challenges collide (the increased pace of the threat landscape and the increased use of and reliance on mobility), having an internet-capable endpoint management infrastructure will become increasingly important and even critical in managing risk for all enterprises. Trust me, I would not have said this 5 years ago, when I strongly agreed with the model of keeping any and all internal services within the enterprise security perimeter and not exposing them to the internet at large. What’s changed is really the threat landscape, along with solutions that can securely support that outward-facing service model.
I’ll acknowledge that as a practitioner, I often embraced the “no internal services externally” approach that is common to best security practices, but the conclusion I’ve reached (along with many others in the security space) is that security configuration and patching is no longer an “internal” service but rather one that must execute externally, wherever endpoints compute on the internet. This is really the only way to ensure we reach the level of patching and the accuracy of security configuration management we desire today (and require to minimize the risks we’re seeing in today’s threat landscape).
Lastly, the concept of ensuring proper management wherever enterprise endpoints exist, as quickly as possible, becomes fundamentally important as we use these solutions to execute on advanced threat intelligence against all enterprise endpoints as quickly as possible and, most importantly, wherever they exist (inside or outside the enterprise perimeter). Getting real-time feedback across any powered-on endpoint in this use case will allow enterprises to quickly step up their pace in analyzing advanced attacks and allow for automated and thorough response.
Has your enterprise embraced this approach and implemented an endpoint management solution that can provide external security configuration management or patching, or do you still rely on remote access connectivity to secure endpoints outside your perimeter? I welcome comments or thoughts in this quickly evolving space.