Is the cloud better for small business security?
Posted on 30 Jul 2012 at 09:34
The cloud is often perceived as a data security threat, but as Davey Winder explains, it also has a major role to play when it comes to the fight against malware
In the face of an explosion in malware attacks, security vendors have been developing new weapons to fight the threat and protect data. Just a handful of years ago, at the prosumer hobbyist and small business scale, this would have meant even bigger software suites, sucking up even more of your time, money and computer resources. Today there is a new weapon in the fight against malware: the cloud.
Hero or hype?
It probably hasn't escaped your attention that just about every security vendor is jumping on the cloud bandwagon. Existing products are being updated and new services launched, all with a triumphant splash of cloud on the box.
There are efficiencies of scale where data centres may be devoted to scanning for malware in ways that aren’t possible on a laptop
Although some vendors have been guilty of changing nothing but the advertising angles, there can be no doubting that the security market has changed. Which begs the question, just why is the security industry embracing the cloud with such open arms? I put that question to Martin Lee, a senior software engineer at Symantec. "For security vendors, the cloud offers a number of advantages," he explained.
"There are efficiencies of scale where data centres may be devoted to scanning for malware in ways that aren’t possible on a laptop. Equally, with so much information regarding the changes in the threat environment in one place, we see network efficiencies where we can rapidly detect changes in the types of malware in current circulation and react to that."
In the case of the Symantec.cloud product, for example, this means that email traffic can be filtered by accepting messages on behalf of clients and removing malicious messages before delivering clean content; web traffic can be filtered by acting as a proxy to ensure acceptable use policies are enforced and malware removed; and these things can be done whether the end user is in the office, on the road or at home.
David Emm, a senior regional researcher with the Kaspersky Lab Global Research & Analysis Team, told us that the cloud is an important part of a drive towards more proactive anti-malware protection and the use of a cloud-based reputation system, for example, "enhances protection, reduces the response time to new threats and prevents an untoward performance hit on the endpoint". He describes cloud-based systems as being like a neighbourhood watch scheme, where every connected endpoint is proactively protected from a malicious object found anywhere else in this distributed network, and in real-time.
Darren Pitman, head of compliance and security practice at niu Solutions agrees that the cloud provides a "broader visibility" of threats, making the early warning and detection of things that traditional anti-malware struggles with, such as advanced persistent threats (APTs), possible. "Effective IT security has always relied on having a layered defence," Pitman adds, and thanks to the cloud security models "we're seeing more and more layers appearing".
Not everyone believes the cloud has a silver lining for business security. Robert Rutherford, MD of QuoStar Solutions told PC Pro that clients have always pulled configurations, definitions and updates from the network, the only difference with the cloud being "that the server is now just sat in a data centre somewhere and you have your own web based control panel with a secured view of your nodes".
Nevertheless, Rutherford is clear that it's a better option "for many small and mid-sized organisations without dedicated IT teams" who don't need the greater control and integration that larger businesses will require. "The difference in security between the two in real-terms is arguable," Rutherford adds.
Others argue that cloud-based security is too rigid. "With traditional services, companies have more control and flexibility to set policy for different areas of the network," claims John Vincent, partner at Broadgate Consultants.
Then there's the remoteness of it all which could, as Phil Robinson, a director at Digital Assurance, points out "render the service unavailable, or lead to performance problems due to the time taken to exchange data and potential malware feedback", not forgetting that if your web or mail traffic are to be the subject of remote analysis in the cloud "this information will be exposed to a third-party organisation and as such there may be potential concerns around confidentiality and privacy".
There are ups and downs to the cloud security model, but security vendors are using the strengths of the cloud to deliver improved security to small business and home power users. "It's a great method for harvesting the latest threat information from a global network of users," Check Point's UK managing director, Terry Greer-King, concludes "which shortens the analysis and solution development cycle".
Greer-King thinks that if you consider these cloud-based security solutions as being like the World Health Organization and international centres for disease control dealing with Swine Flu, any remaining confusion on this point can be dispelled. "In the same way that CDCs and the WHO bodies enable localised efforts to be coordinated to global benefit, cloud security services can achieve the same," he claims.
Author: Davey Winder
"In the face of an explosion in malware attacks"
What explosion? :)
"Is the cloud better for small business security?"
Not a chance. Sorry, not going to do it, it's simply not viable for this company and after a few years of cloud the business model will once again swing back to on-premises servers. (We're an SMB)
The circle spins on and on.
By rhythm on 30 Jul 2012
By allowing a service to allow users to save data in Cyberspace, is not my idea of cutting edge, whilst this sort of technology has been around and been used by business IT departments through out the last ten years. However, security threat or not, well, new line services create new line risks.. I can see a few already.. but it all about the CLOUD thyng.. A new way of marketing does not invent secure policies..
By TECHBAY on 1 Aug 2012
Its not just anti-virus protection
Using cloud solutions is not just about anti-virus protection, it is about data storage and security too.
Many small businesses rightly worry about how safe their data will be if it is stored in the cloud. But with the right cloud application vendor, your data will be safer that on your servers - backups that work, 99.999% availability and no data stored on easily stolen laptops.
By SamGreen on 6 Aug 2012
For more details about purchasing this feature and/or images for editorial usage, please contact Jasmine Samra on firstname.lastname@example.org
- Apple TV adds HBO Go, Sky News and WatchESPN
- Surface RT tablets to feature Qualcomm processors
- Microsoft frees two million PCs from botnet
- Government wheedles more funding for online child protection from ISPs
- AMD’s "Seattle" ARM chips set for 2014 release
- Microsoft offloads cheap Surface RT tablets to schools
- Outlook.com to ditch linked accounts over security fears
- Adobe’s subscription-only Creative Cloud goes live
- Skype rolls out free video voicemail
- Spotify confirms UK outage
- Adobe Dreamweaver CC review: first look
- Huawei Ascend P6 review: first look
- Adobe Illustrator CC review: first look
- Let MPs tell us what they really want ISPs to block
- Adobe Photoshop CC review: first look
- WWDC 2013 and iOS 7 launch: live blog
- Sony VAIO Pro review: first look
- Want child porn blocked? Meet the IWF
- Is it worth upgrading a media centre to Windows 8?
- Flickr redesign: is it enough to tempt photographers back?