Is the cloud better for small business security?
The cloud is often perceived as a data security threat, but as Davey Winder explains, it also has a major role to play when it comes to the fight against malware
In the face of an explosion in malware attacks, security vendors have been developing new weapons to fight the threat and protect data. Just a handful of years ago, at the prosumer hobbyist and small business scale, this would have meant even bigger software suites, sucking up even more of your time, money and computer resources. Today there is a new weapon in the fight against malware: the cloud.
Hero or hype?
It probably hasn't escaped your attention that just about every security vendor is jumping on the cloud bandwagon. Existing products are being updated and new services launched, all with a triumphant splash of cloud on the box.
There are efficiencies of scale where data centres may be devoted to scanning for malware in ways that aren’t possible on a laptop
Although some vendors have been guilty of changing nothing but the advertising angles, there can be no doubting that the security market has changed. Which begs the question, just why is the security industry embracing the cloud with such open arms? I put that question to Martin Lee, a senior software engineer at Symantec. "For security vendors, the cloud offers a number of advantages," he explained.
"There are efficiencies of scale where data centres may be devoted to scanning for malware in ways that aren’t possible on a laptop. Equally, with so much information regarding the changes in the threat environment in one place, we see network efficiencies where we can rapidly detect changes in the types of malware in current circulation and react to that."
In the case of the Symantec.cloud product, for example, this means that email traffic can be filtered by accepting messages on behalf of clients and removing malicious messages before delivering clean content; web traffic can be filtered by acting as a proxy to ensure acceptable use policies are enforced and malware removed; and these things can be done whether the end user is in the office, on the road or at home.
David Emm, a senior regional researcher with the Kaspersky Lab Global Research & Analysis Team, told us that the cloud is an important part of a drive towards more proactive anti-malware protection and the use of a cloud-based reputation system, for example, "enhances protection, reduces the response time to new threats and prevents an untoward performance hit on the endpoint". He describes cloud-based systems as being like a neighbourhood watch scheme, where every connected endpoint is proactively protected from a malicious object found anywhere else in this distributed network, and in real-time.
Darren Pitman, head of compliance and security practice at niu Solutions agrees that the cloud provides a "broader visibility" of threats, making the early warning and detection of things that traditional anti-malware struggles with, such as advanced persistent threats (APTs), possible. "Effective IT security has always relied on having a layered defence," Pitman adds, and thanks to the cloud security models "we're seeing more and more layers appearing".
Not everyone believes the cloud has a silver lining for business security. Robert Rutherford, MD of QuoStar Solutions told PC Pro that clients have always pulled configurations, definitions and updates from the network, the only difference with the cloud being "that the server is now just sat in a data centre somewhere and you have your own web based control panel with a secured view of your nodes".
Nevertheless, Rutherford is clear that it's a better option "for many small and mid-sized organisations without dedicated IT teams" who don't need the greater control and integration that larger businesses will require. "The difference in security between the two in real-terms is arguable," Rutherford adds.
Others argue that cloud-based security is too rigid. "With traditional services, companies have more control and flexibility to set policy for different areas of the network," claims John Vincent, partner at Broadgate Consultants.
Then there's the remoteness of it all which could, as Phil Robinson, a director at Digital Assurance, points out "render the service unavailable, or lead to performance problems due to the time taken to exchange data and potential malware feedback", not forgetting that if your web or mail traffic are to be the subject of remote analysis in the cloud "this information will be exposed to a third-party organisation and as such there may be potential concerns around confidentiality and privacy".
There are ups and downs to the cloud security model, but security vendors are using the strengths of the cloud to deliver improved security to small business and home power users. "It's a great method for harvesting the latest threat information from a global network of users," Check Point's UK managing director, Terry Greer-King, concludes "which shortens the analysis and solution development cycle".
Greer-King thinks that if you consider these cloud-based security solutions as being like the World Health Organization and international centres for disease control dealing with Swine Flu, any remaining confusion on this point can be dispelled. "In the same way that CDCs and the WHO bodies enable localised efforts to be coordinated to global benefit, cloud security services can achieve the same," he claims.