Is the cloud better for small business security?
Posted on 30 Jul 2012 at 09:34
The cloud is often perceived as a data security threat, but as Davey Winder explains, it also has a major role to play when it comes to the fight against malware
In the face of an explosion in malware attacks, security vendors have been developing new weapons to fight the threat and protect data. Just a handful of years ago, at the prosumer hobbyist and small business scale, this would have meant even bigger software suites, sucking up even more of your time, money and computer resources. Today there is a new weapon in the fight against malware: the cloud.
Hero or hype?
It probably hasn't escaped your attention that just about every security vendor is jumping on the cloud bandwagon. Existing products are being updated and new services launched, all with a triumphant splash of cloud on the box.
There are efficiencies of scale where data centres may be devoted to scanning for malware in ways that aren’t possible on a laptop
Although some vendors have been guilty of changing nothing but the advertising angles, there can be no doubting that the security market has changed. Which begs the question, just why is the security industry embracing the cloud with such open arms? I put that question to Martin Lee, a senior software engineer at Symantec. "For security vendors, the cloud offers a number of advantages," he explained.
"There are efficiencies of scale where data centres may be devoted to scanning for malware in ways that aren’t possible on a laptop. Equally, with so much information regarding the changes in the threat environment in one place, we see network efficiencies where we can rapidly detect changes in the types of malware in current circulation and react to that."
In the case of the Symantec.cloud product, for example, this means that email traffic can be filtered by accepting messages on behalf of clients and removing malicious messages before delivering clean content; web traffic can be filtered by acting as a proxy to ensure acceptable use policies are enforced and malware removed; and these things can be done whether the end user is in the office, on the road or at home.
David Emm, a senior regional researcher with the Kaspersky Lab Global Research & Analysis Team, told us that the cloud is an important part of a drive towards more proactive anti-malware protection and the use of a cloud-based reputation system, for example, "enhances protection, reduces the response time to new threats and prevents an untoward performance hit on the endpoint". He describes cloud-based systems as being like a neighbourhood watch scheme, where every connected endpoint is proactively protected from a malicious object found anywhere else in this distributed network, and in real-time.
Darren Pitman, head of compliance and security practice at niu Solutions agrees that the cloud provides a "broader visibility" of threats, making the early warning and detection of things that traditional anti-malware struggles with, such as advanced persistent threats (APTs), possible. "Effective IT security has always relied on having a layered defence," Pitman adds, and thanks to the cloud security models "we're seeing more and more layers appearing".
Not everyone believes the cloud has a silver lining for business security. Robert Rutherford, MD of QuoStar Solutions told PC Pro that clients have always pulled configurations, definitions and updates from the network, the only difference with the cloud being "that the server is now just sat in a data centre somewhere and you have your own web based control panel with a secured view of your nodes".
Nevertheless, Rutherford is clear that it's a better option "for many small and mid-sized organisations without dedicated IT teams" who don't need the greater control and integration that larger businesses will require. "The difference in security between the two in real-terms is arguable," Rutherford adds.
Others argue that cloud-based security is too rigid. "With traditional services, companies have more control and flexibility to set policy for different areas of the network," claims John Vincent, partner at Broadgate Consultants.
Then there's the remoteness of it all which could, as Phil Robinson, a director at Digital Assurance, points out "render the service unavailable, or lead to performance problems due to the time taken to exchange data and potential malware feedback", not forgetting that if your web or mail traffic are to be the subject of remote analysis in the cloud "this information will be exposed to a third-party organisation and as such there may be potential concerns around confidentiality and privacy".
There are ups and downs to the cloud security model, but security vendors are using the strengths of the cloud to deliver improved security to small business and home power users. "It's a great method for harvesting the latest threat information from a global network of users," Check Point's UK managing director, Terry Greer-King, concludes "which shortens the analysis and solution development cycle".
Greer-King thinks that if you consider these cloud-based security solutions as being like the World Health Organization and international centres for disease control dealing with Swine Flu, any remaining confusion on this point can be dispelled. "In the same way that CDCs and the WHO bodies enable localised efforts to be coordinated to global benefit, cloud security services can achieve the same," he claims.
Author: Davey Winder
"In the face of an explosion in malware attacks"
What explosion? :)
"Is the cloud better for small business security?"
Not a chance. Sorry, not going to do it, it's simply not viable for this company and after a few years of cloud the business model will once again swing back to on-premises servers. (We're an SMB)
The circle spins on and on.
By rhythm on 30 Jul 2012
By allowing a service to allow users to save data in Cyberspace, is not my idea of cutting edge, whilst this sort of technology has been around and been used by business IT departments through out the last ten years. However, security threat or not, well, new line services create new line risks.. I can see a few already.. but it all about the CLOUD thyng.. A new way of marketing does not invent secure policies..
By TECHBAY on 1 Aug 2012
Its not just anti-virus protection
Using cloud solutions is not just about anti-virus protection, it is about data storage and security too.
Many small businesses rightly worry about how safe their data will be if it is stored in the cloud. But with the right cloud application vendor, your data will be safer that on your servers - backups that work, 99.999% availability and no data stored on easily stolen laptops.
By SamGreen on 6 Aug 2012
For more details about purchasing this feature and/or images for editorial usage, please contact Jasmine Samra on firstname.lastname@example.org
- Sony warns of fresh VAIO battery fires
- 4G version of Surface 2 launched in the UK
- BlackBerry CEO says not selling off phones "any time soon"
- 13 May: the day we'll know if Microsoft is really abandoning Windows XP
- Office for iPad hits 12m downloads, but receives poor reviews
- Windows Phone 8.1 gets its own PA: Cortana
- 24m vulnerable home routers ready to launch DDoS attacks
- Mozilla's Eich: my views on gay marriage are irrelevant
- Windows support scam ringleader convicted
- Intel takes $740m bet on big data firm, Cloudera
- Windows 8.1 Update: an abject surrender
- The insane economics of Sky Now TV
- No such thing as a free app... so pay up if you want quality
- Time to outlaw crapware-laden installers
- Windows Phone 8.1 video: hands-on
- Office for iPad: key information
- Why every PC buyer owes Richard Durkin a debt of gratitude
- HTC One M8 vs Samsung Galaxy S5: 2014's big-hitters compared
- Windows XP end of life: key information
- Cut out the broadband jargon? What jargon?