Skip to navigation
Security cabinet

Is the cloud better for small business security?

Posted on 30 Jul 2012 at 09:34

The cloud is often perceived as a data security threat, but as Davey Winder explains, it also has a major role to play when it comes to the fight against malware

In the face of an explosion in malware attacks, security vendors have been developing new weapons to fight the threat and protect data. Just a handful of years ago, at the prosumer hobbyist and small business scale, this would have meant even bigger software suites, sucking up even more of your time, money and computer resources. Today there is a new weapon in the fight against malware: the cloud.

Hero or hype?

It probably hasn't escaped your attention that just about every security vendor is jumping on the cloud bandwagon. Existing products are being updated and new services launched, all with a triumphant splash of cloud on the box.

There are efficiencies of scale where data centres may be devoted to scanning for malware in ways that aren’t possible on a laptop

Although some vendors have been guilty of changing nothing but the advertising angles, there can be no doubting that the security market has changed. Which begs the question, just why is the security industry embracing the cloud with such open arms? I put that question to Martin Lee, a senior software engineer at Symantec. "For security vendors, the cloud offers a number of advantages," he explained.

"There are efficiencies of scale where data centres may be devoted to scanning for malware in ways that aren’t possible on a laptop. Equally, with so much information regarding the changes in the threat environment in one place, we see network efficiencies where we can rapidly detect changes in the types of malware in current circulation and react to that."

In the case of the product, for example, this means that email traffic can be filtered by accepting messages on behalf of clients and removing malicious messages before delivering clean content; web traffic can be filtered by acting as a proxy to ensure acceptable use policies are enforced and malware removed; and these things can be done whether the end user is in the office, on the road or at home.

Proactive protection

David Emm, a senior regional researcher with the Kaspersky Lab Global Research & Analysis Team, told us that the cloud is an important part of a drive towards more proactive anti-malware protection and the use of a cloud-based reputation system, for example, "enhances protection, reduces the response time to new threats and prevents an untoward performance hit on the endpoint". He describes cloud-based systems as being like a neighbourhood watch scheme, where every connected endpoint is proactively protected from a malicious object found anywhere else in this distributed network, and in real-time.

Darren Pitman, head of compliance and security practice at niu Solutions agrees that the cloud provides a "broader visibility" of threats, making the early warning and detection of things that traditional anti-malware struggles with, such as advanced persistent threats (APTs), possible. "Effective IT security has always relied on having a layered defence," Pitman adds, and thanks to the cloud security models "we're seeing more and more layers appearing".

Cloud sceptics

Not everyone believes the cloud has a silver lining for business security. Robert Rutherford, MD of QuoStar Solutions told PC Pro that clients have always pulled configurations, definitions and updates from the network, the only difference with the cloud being "that the server is now just sat in a data centre somewhere and you have your own web based control panel with a secured view of your nodes".

Nevertheless, Rutherford is clear that it's a better option "for many small and mid-sized organisations without dedicated IT teams" who don't need the greater control and integration that larger businesses will require. "The difference in security between the two in real-terms is arguable," Rutherford adds.

Others argue that cloud-based security is too rigid. "With traditional services, companies have more control and flexibility to set policy for different areas of the network," claims John Vincent, partner at Broadgate Consultants.

Then there's the remoteness of it all which could, as Phil Robinson, a director at Digital Assurance, points out "render the service unavailable, or lead to performance problems due to the time taken to exchange data and potential malware feedback", not forgetting that if your web or mail traffic are to be the subject of remote analysis in the cloud "this information will be exposed to a third-party organisation and as such there may be potential concerns around confidentiality and privacy".

Cloud sourcing

There are ups and downs to the cloud security model, but security vendors are using the strengths of the cloud to deliver improved security to small business and home power users. "It's a great method for harvesting the latest threat information from a global network of users," Check Point's UK managing director, Terry Greer-King, concludes "which shortens the analysis and solution development cycle".

Greer-King thinks that if you consider these cloud-based security solutions as being like the World Health Organization and international centres for disease control dealing with Swine Flu, any remaining confusion on this point can be dispelled. "In the same way that CDCs and the WHO bodies enable localised efforts to be coordinated to global benefit, cloud security services can achieve the same," he claims.

Author: Davey Winder

For further coverage of cloud computing visit our sister site Cloud Pro.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments


"In the face of an explosion in malware attacks"

What explosion? :)

"Is the cloud better for small business security?"

Not a chance. Sorry, not going to do it, it's simply not viable for this company and after a few years of cloud the business model will once again swing back to on-premises servers. (We're an SMB)

The circle spins on and on.

By rhythm on 30 Jul 2012

I think..

By allowing a service to allow users to save data in Cyberspace, is not my idea of cutting edge, whilst this sort of technology has been around and been used by business IT departments through out the last ten years. However, security threat or not, well, new line services create new line risks.. I can see a few already.. but it all about the CLOUD thyng.. A new way of marketing does not invent secure policies..

By TECHBAY on 1 Aug 2012

Its not just anti-virus protection

Using cloud solutions is not just about anti-virus protection, it is about data storage and security too.

Many small businesses rightly worry about how safe their data will be if it is stored in the cloud. But with the right cloud application vendor, your data will be safer that on your servers - backups that work, 99.999% availability and no data stored on easily stolen laptops.

Sam Green

By SamGreen on 6 Aug 2012

Leave a comment

You need to Login or Register to comment.


For more details about purchasing this feature and/or images for editorial usage, please contact Jasmine Samra on


Latest News StoriesSubscribe to our RSS Feeds
Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing


Sponsored Links

Your email:

Your password:

remember me


Hitwise Top 10 Website 2010

PCPro-Computing in the Real World Printed from

Register to receive our regular email newsletter at

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.