This blog was written by an independent guest blogger.
Someone you don’t know walks into your office and sits down at a computer. Maybe that computer is a corporate desktop assigned to a mid-level manager or to a member of your IT department. Maybe it’s a personally owned laptop used by a contractor.
That unknown person plugs a USB dongle into that computer, installs some software (typing in the correct password, if requested), runs that software, and walks away.
No problem, right?
Of course, that’s a problem. Yet that’s what happens every minute of every hour of every day when your workers use the Internet. Every animation from a Web-based business application is, in fact, software that’s downloaded and executed on that laptop or desktop. Each advertising network installs and runs software on the local computer. Every browser plug-in is actually software that runs locally.
Some of those foreign applications are benign, harmless, maybe beneficial. Yet those apps can also dig deep into the end-user’s computer, perhaps accessing the file system and your intellectual property. Or maybe installing malware that can capture user identity information, including passwords and administrative credentials that an attacker can use to access network-based resources — and then launch a ransomware attack that can cripple your servers and cost your business millions.
Remember, when your employees access cloud-based applications, such as ERP or CRM, everything is being delivered right to the desktop… where, potentially, an attacker might see what’s going on.
The Internet has become vital for delivering the things your business needs, like Microsoft Office 365™, Google G-Suite™, Slack™, Salesforce™, NetSuite™, or Workday™. But it also exposes your office computers to risks due to device vulnerabilities, browser flaws, network interception, uncontrolled data access, or corruption of third-party websites via advertising networks or other malicious code.
So, of course you’re not letting some unknown person sit down and access an employee’s endpoint device in person. That’s Cybersecurity 101. But in reality, your employees and contractors are inviting and authorizing foreign attacks by using a Web browser, any Web browser, and when the malware is installed, nobody even knows. You can’t rely on anti-virus, firewalls, intrusion detection/prevention systems, or deep packet inspection to catch that malware because it came in via a trusted browser app.
To reiterate: Every time your users open a browser and load a web page, they execute third-party code on your computers and internal resources. That’s a wide-open door for every attacker and every exploit they can think of.
What can you do? Stream.
Let me try an analogy. Remember when you got VHS tapes from your local Blockbuster™, or DVDs by mail from Netflix™? You brought the media home and ran it on your local endpoint device – that is, your VHS or DVD player.
We don’t do that anymore; we stream instead. We can see the proliferation of streaming video, not only with Netflix, but with Hulu™, Disney+™, HBO™, Amazon Prime™, CBS All-Access™, and more.
Streaming movie services don’t actually send the movie to your big-screen TV. Instead, they send an image of the movie, frame by frame, custom-formatted to your endpoint specifications. If you can handle 4K, they send 4K frames. If your TV is 1080p, they send 1080p frames. Easy.
To summarize, you are watching a stream of pictures playing in real time, sent by the movie service to be displayed on your TV. The only software involved is the secure Netflix or Hulu app running on your smart TV or set-top box.
Let’s bring that streaming model into the business computing realm: Stop letting users run a browser, which brings the client code for Web applications and advertisements onto their machines and into your network. Instead, have them work with a cloud service, like Authentic8’s Silo, to stream what they need while the applications safely execute in a far-away environment.
The cloud-based service sends back images of that session to the end-user’s laptop or desktop. When the user needs to provide input back to that Web app, the cloud service will do so on their behalf. That enables what the security industry calls a “zero trust” model – which assumes that every piece of code is dangerous, and defends accordingly.
That means no untrusted code runs on your employee or contractor’s laptop or desktop. None. What. So. Ever.
And that means that no untrusted code can ever access your employees’ endpoint file system or your network. Malware can’t worm into the computer’s memory. Malicious fake ads can’t install ransomware or key loggers.
Security of streaming Web applications: Excellent, because no malicious software can touch the user’s computer at all.
Performance of streaming Web applications: Excellent, because the Web application is running in a cloud data center with much more computing horsepower, and much more Internet bandwidth, than the end-user’s computer. All that’s going back to the user are images, remember. Images don’t take much bandwidth at all.
What’s more, with the right cloud-based streaming service, IT and corporate risk managers can have complete control over access to approved and trusted websites. You want to block access to, say, the Dark Web for most employees? Done. But some employees need to access the Dark Web for competitive or security investigations? You can allow that – knowing that bad actors can’t track the session back to you or install malware in a counter-espionage operation.
At home, society has embraced streaming movies and TV shows, instead of putting USB drives and DVDs into media players. At work, it’s time to do the same: Stop letting unknown actors install and run software on your workers’ computers. Stream applications instead, with platforms like Silo. That’s the safe, zero-trust way to go.