Reducing risk at the endpoint: A practical framework

 


As agencies migrate to the cloud, they can improve security of their endpoint devices by considering a secure Linux OS and centralized management.

Data privacy issues, for both government agencies and private enterprises, continue to be at the forefront of new initiatives to add more protection for individuals. These initiatives are taking shape in today’s environment of proliferating endpoint devices (including the internet of things), more cloud workloads and increased anxiety on the part of the public that current security practices aren’t working.

One of the newer initiatives is a cooperative project announced by the National Institute of Standards and Technology to develop a voluntary privacy framework to help organizations manage risk.  “The development of a privacy framework through an open process of stakeholder engagement is intended to deliver practical tools that allow continued U.S. innovation, together with stronger privacy protections,” NIST Director Walter G. Copan said.

Contributions to the endpoint practical framework

Creating a framework for practical tools to further secure data privacy is encouraging.  Within this framework federal agencies are tackling a number of challenges, two of the most immediate being the diversity of endpoint devices now in use and the need to ensure data privacy while moving more operations to the cloud.

The Continuous Diagnostics and Mitigation approach, which supports a four-phase method to better identify threats and mitigate risk, is another step in the right direction. After scrutinizing what is on a network, who is on the network and what is happening on the network, the last phase asks how data is protected. That question is one that keeps IT security staff up at night. Networks now contain a mixture of devices, including aging hardware, newer software assets and IoT devices. Most likely, an agency is managing assets with varying operating systems, access controls and monitoring in place. This creates an opportunity-rich environment for new threats to succeed.

Better security at the endpoint

All branches of the U.S. government are facing this complex challenge of getting a clearer picture of all assets affecting network security. Since the endpoint now entails so many different devices, security today requires even greater vigilance.

Tightening up security at the endpoint, therefore, necessitates a re-examining of hardware and software assets and reviewing options available to improve endpoint security while containing costs, preserving workflow performance and improving data security.

Here are five practical areas that will enhance endpoint security and further guard data privacy:

1. Hardware refresh. Options such as refreshing existing desktops to improve performance and security are costly and often a barrier to adopting more advanced endpoint technology. Look at less costly software options that can extend the life of existing hardware and convert these assets into modern, securely managed endpoints. It is possible to convert any x86-based machine into a fully functional, advanced thin client device that enables agencies to move to a virtualized desktop infrastructure and support modern security standards.

2. Endpoint visibility. Multiple types of endpoint devices and locations expand the attack surface, and are a recipe for increased threats. Endpoint management is the first defense against these risks.  By instituting automated, centralized management with software tools, IT staff can manage endpoints in diverse operating systems and in remote locations.  This centralization helps control against rogue devices and reduces the risk of a shadow IT-generated breach.  In concert with thorough asset management, IT should have a complete picture of all endpoints in use -- with access to the network -- and be able to flag any anomalies to contain possible threats.  Through automated backend control, IT can quickly configure specific, granular security policies, push out firmware updates according to policy rules and modify access policies as needed.

3. Linux rules. Linux is considered to have superior security and the support of legions of innovative developers. It also features an inclusionary, open-source model that promotes community testing of new apps and finds bugs before widespread deployment. Thus, Linux further helps prevent threats from becoming disruptive events. Linux products are known to be used by the Defense Department, the Navy, the Federal Aviation Administration and scores of other public-sector agencies in the U.S. and abroad. 

At the endpoint, those devices running on a Linux OS, including the growing number of IoT and mobile devices, have the benefit of improved security features.  Linux is very resistant to viruses and other malware, making it much more secure than Windows.  It also enables IT staff to customize applications to provide direct updates and patches that have been tested for stability by endpoint developers.

Government agencies looking to refresh existing hardware assets with endpoint management software, or planning new acquisitions in software managed endpoints, should examine the benefits of Linux OS-powered endpoints as an effective threat defense.

4. Windows in the data center. Linux belongs at the endpoint where its OS can provide a secure, flexible computing environment that is highly resistant to attacks like malware. Windows, on the other hand, belongs in the data center, where it can be more effectively managed, protected from outside attacks and optimized for application and desktop delivery. On user devices, Windows is much more vulnerable to security threats, requires the latest hardware investments to deliver user-expected performance and is much harder to manage as workers roam about freely. Moving Windows to the data center will also benefit performance since the inevitable cycle of Windows patching and updates will no longer slow user productivity. Users would no longer have to wait while the system updates or worry that their endpoint could be compromised with the latest ransomware. Plus, because endpoint workloads are moved from the endpoint to the data center, users will have faster logons, quicker application loading, more consistent operation and overall higher performance.

5. Enhanced user controls. To further ensure data privacy, agencies should look to the universe of access controls and authentication applications to add the next layer of security. Technology providers can provide digital identity assurance features at the endpoint that enable secure user authentication via smartcard readers.  The technology uses identity, sign and encrypt certificates -- for government agencies a triple-play defense against unauthorized access to data.  Additionally, access controls can be used to limit data and application access based on location.  Remote and mobile devices can enable new threats as workers may be accessing files via unsecured Wi-Fi networks or out-of-network environments in the home.
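
The endpoint-visibility check described in item 2 (a complete picture of endpoints with network access, with anomalies flagged) can be sketched as a reconciliation between the managed inventory and the devices actually seen on the network. This is an added example, not code from the article or from any product; the inventory fields, sample MAC addresses, hostnames and the `MIN_FIRMWARE` policy value are constructed assumptions.

```python
# Constructed sample: managed-endpoint inventory as a central management
# console might export it (field names are assumptions for this example).
INVENTORY = {
    "02:00:00:aa:00:01": {"host": "tc-lobby-01", "firmware": "11.04"},
    "02:00:00:aa:00:02": {"host": "tc-hr-07", "firmware": "10.06"},
    "02:00:00:aa:00:03": {"host": "tc-fin-12", "firmware": "11.04"},
}

# Constructed sample: (MAC, IP) pairs observed on the network, for
# instance taken from DHCP leases or switch tables.
OBSERVED = [
    ("02:00:00:AA:00:01", "10.0.5.21"),
    ("02:00:00:AA:00:02", "10.0.5.22"),
    ("02:00:00:FF:00:99", "10.0.5.77"),  # not in the inventory
]

MIN_FIRMWARE = "11.00"  # hypothetical policy: minimum allowed firmware


def version_tuple(version):
    """Turn '11.04' into (11, 4) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def reconcile(inventory, observed, min_firmware):
    """Return findings as (kind, mac, detail) tuples.

    unmanaged_device      - on the network but absent from the inventory
    firmware_below_policy - managed, but firmware older than policy allows
    managed_not_seen      - in the inventory but never observed
    """
    managed = {mac.lower(): asset for mac, asset in inventory.items()}
    floor = version_tuple(min_firmware)
    findings, seen = [], set()
    for mac, ip in observed:
        mac = mac.lower()  # normalise case before comparing
        seen.add(mac)
        asset = managed.get(mac)
        if asset is None:
            findings.append(("unmanaged_device", mac, ip))
        elif version_tuple(asset["firmware"]) < floor:
            findings.append(("firmware_below_policy", mac, asset["host"]))
    for mac, asset in managed.items():
        if mac not in seen:
            findings.append(("managed_not_seen", mac, asset["host"]))
    return findings


if __name__ == "__main__":
    for finding in reconcile(INVENTORY, OBSERVED, MIN_FIRMWARE):
        print(finding)
```

MAC addresses can be changed by the device owner, so a match against the inventory shows that a device is expected, not that it is authenticated; the certificate-based controls in item 5 cover that part.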

Secure endpoints of the future

Gartner foresees double-digit growth in government use of public cloud services, with spending forecast to grow on average 17.1 percent per year through 2021.  However, Gartner reports, data privacy/security, lack of features and concerns about vendor lock-in are still holding back adoption.  These concerns, according to Gartner, will drive private cloud deployment.

Public or private cloud, the secure transmission of data between the endpoint device and the cloud is a priority. A recently published IDC InfoBrief, “Linux and the Thin Client Management Market,” states that “global cloud infrastructure expansion is driving growth in underlying endpoint hardware and software that facilitates cloud access in reliable and secure ways.”

As agencies plan more migration to the cloud, they must reassess their endpoint devices. This includes looking at a secure Linux OS and at centralized management as two elements that will improve data security. In the larger picture, it’s a good time for agencies to identify hardware assets that can be refreshed to more modern, secure endpoints, and if making new investments, they should consider a Linux-based endpoint OS. The secure endpoint of the future needs the resources of Linux’s open-source community that thinks ahead to the next technological breakthrough.

With users working from everywhere, using the cloud, tightening control over all devices and carefully adhering to authentication controls will help ensure data privacy while enabling users to have the freedom of device choice they expect today.
