How Network Security Must Evolve to Properly Protect Data David Hallinan Published: March 31, 2020 *This article is part of the Kloudless Guide to Cloud Security, A comprehensive guide to all things Cloud Security in 2020 for security software of all verticals.Protecting data from malicious intent is of paramount importance to security software. Just as hackers have evolved their techniques to threaten our data, so has the means of protection put in place to safeguard from attack. The primary means of keeping malevolent forces from intercepting or penetrating the systems in place that our computers or servers connect with is referred to as network security. Network security is further aided by a concept of analyzing the devices on a network, known as endpoint security.Network security is the implementation of prevention and protection methods against unauthorized actors in a corporate network. This is generally accomplished with both physical and software measures to ensure that computers, users, and programs within a platform are safeguarded from unauthorized access, misuse, or in the most extreme cases, destruction. Network security is primarily in place to keep unauthorized people or programs from accessing networks and the devices connected to them.Endpoint security, while related to network security, is a smaller subsection of the overall protection within a network. The traditional definition of endpoint security is the protection of individual devices that connect to a network. This refers to the computers, servers, mobile phones, tablets, and other devices that all make up the “endpoints” of a network.Nowadays, we find our daily lives and workflows powered by more than simply the standard hardware of the past like laptops and smartphones. IoT devices and wearables are constantly connected to the same networks that the aforementioned devices are, and our data no longer exists strictly on our personal computers. The proliferation of cloud-based services and their integration into popular software and operating systems has led to a new frontier of “endpoints” that must be monitored as much, if not more, than just the devices we connect to a network with.Network Security of the PastBefore cloud software became as prevalent as it is today, network security focused primarily on internal networks. This was mostly as a result of 3rd-party software being offered strictly in the form of on-premise deployments. By being incorporated into an organization’s own network, 3rd-party software’s user data remained housed in the network’s internal servers and thus could be protected in the same way as any physical hardware within the network could. However, with the growing number of cloud services being integrated into applications via application programming interfaces, user data is increasingly housed remotely in the servers of these cloud services. For instance, if an application integrates with Dropbox, the files and folders that a user needs for their workflow are still contained within Dropbox’s centralized servers, and cannot be protected in their transmission by an organization’s internal network security.This prevalence of cloud service integrations has led to a need for an updated definition of endpoint security, and network security, as a whole.The New Network SecurityIf the antiquated definition of endpoint security refers to the protection of the physical devices that make up a network, then the contemporary definition must also account for the external cloud services that these devices connect with. Despite being remote from the network they transmit data to and from, these SaaS cloud services now act as nodes within the expanded network and their data flow is privy to the same malicious intent that organizations must protect from internally.Essentially, cloud apps are now endpoints in the new network, and network security must expand to monitor the data that flows between them. Security software increasingly must now account for dozens to hundreds of outside services interacting within a network to properly protect their users’ data and networks. More so, security software cannot simply observe the data that transmits between the network and cloud app endpoints to protect against harm. Security software now requires direct API integrations with the cloud services that make up these endpoints in a network.Why, you may ask? At the end of the day, security software of all verticals are looking to gather as comprehensive data as possible to properly perform their tasks. Without API connectivity, that data is incomplete. The underlying metadata that comes with direct API connectivity provides a thorough and complete picture that security software cannot properly protect their users without. Be it a CASB, UEBA, SIEM, DLP, or Security Analytics software, the full metadata provides an exhaustive account of every piece of information transmitted across a network. The Future of ConnectivityThe future of network and endpoint security is not some far off future that we must prepare to meet. It is already here, and security software that does not account for it will fall by the wayside as they cannot properly protect the data and access to the networks they look to safeguard.Software-as-a-Service is the new “cloud app endpoints,” and every vertical of security software must abide by this new definition of network security to properly evolve. To learn more about how Kloudless can help your security software integrate with over 100 cloud services, contact us at email@example.com*This article is part of the Kloudless Guide to Cloud Security, A comprehensive guide to all things Cloud Security in 2020 for security software of all verticals.