The other day I was asked about application whitelisting as a way to deal with endpoint issues in virtual and cloud environments. I never really thought about it in this space, as usually application whitelisting was a technique used to control rogue users who like to install anything and everything on their desktops and laptops. So how does this practice affect virtual and cloud environments, and more importantly, does it make sense?
Cloud-based whitelisting is a newer approach to controlling the types of applications that exist in cloud and virtual environments. Several vendors have started offering this service, most recently McAfee with their Application Control, which they integrate with Global Threat Intelligence. The integration is meant to help create a broader database of applications under their watch and provide more succinct reputation awareness for these applications.
The problem with application control products (historically) is that they were created for environments that consisted of fixed hardware, usually servers, that weren’t incredibly dynamic. Desktops got messier: if you just blocked the application, you usually just pissed off the end user, who then spent more effort figuring out a rogue way to access the application. That creates a huge security hole that requires more attention than if you’d allowed the installation in the first place.
Cloud is a little trickier, since the idea is to have it be a flexible organism that you can use to deploy desktop infrastructure to end users and allow for web application usage. There are more operating systems and applications involved now, and even more complexity depending on whether the desktops are running in virtual environments (VDI, for example). But there are huge opportunities here as well. For example, the whole process for deploying desktop architecture could be automated, whereby a user selects the programs they want (such as MS Office or Firefox) and IT continually updates this whitelist with acceptable applications. This would reduce the issues with rogue endpoint malware (usually obtained when someone tries to install a program they shouldn’t!) and make it easier to manage the security posture of these endpoints. You could also use it to ensure that applications built for specific environments (such as web applications which run in one browser but not so well in another) are run properly, reducing IT headaches.
But is whitelisting the best way to deal with applications in virtual environments? If it’s done properly with tools that understand the unique properties that virtual environments require, such as applications which are deployed within a VM, or that use virtual hardware on the backend, it’s a great option to help reduce endpoint headaches. Just ensure that the solution you want to implement is built for cloud and can scale to meet the increasing workload that cloud brings.