'Controlled cloud' the way to go for security

The malware landscape will increasingly dictate a cloud component for security software to be effective, but a security model cannot rely solely on a cloud service, says Sophos.

Enterprise security will increasingly move to include a cloud component but in-the-cloud protection cannot be the only means of defense, according to security vendor Sophos.

Paul Ducklin, head of technology for the Asia-Pacific region at Sophos, told ZDNet Asia in a phone interview that the cloud "is something that will improve existing mechanisms for protection" as it can block access to harmful Web sites or retrieve updates in real time.

But relying on a service in the cloud alone is not something that enterprises and individuals can afford to do. "The cloud isn't always there, no matter how incredibly connected you are," he pointed out, adding that there will be times when PCs are not connected due to flights, train rides or simply because there isn't a need to log on to the Internet.

"During those times you [still] want protection to continue--you want that protection to continue when someone plugs their USB drive or mobile phone into your computer so you can look at photographs and maybe pick up something along the way," said Sydney-based Ducklin. For instance, the Conficker worm used the USB drive as its primary attack vector, he noted.

In addition, users need to be protected when downloading content from the Internet that might be encrypted, where an external party is "not able to scan inside it by design".

Cloud computing faces security challenges

Along with the benefits, cloud computing or cloud services certainly have their security challenges, IDC Asia-Pacific's research manager of infrastructure software, Judy Wu, said in an e-mail interview.

Pointing to Google's recent cloud hiccup, where a bug caused documents to be shared among users that were not supposed to view them, Wu said leaving sensitive data outside the corporate perimeter and firewall is a major concern.

"As with any technology, when users enjoy the benefits, they also inherit the potential risks," she noted. "Cloud service providers understand the security challenges and have implemented powerful security protection gear within their infrastructure.

"At the same time, end users should have sufficient protection on their laptops or mobile devices, as these malware or Trojans usually end up starting themselves and running on the endpoint, no matter how they get transported," added Wu.

In-the-cloud protection also may not be able to stop malware from arriving at your computer, as with a case highlighted in a Sophos blog post last month. Ultimately, said Ducklin, a defense-in-depth approach is ideal, but if protection is only planted in one place, it should be at the endpoint--be it a desktop, notebook or server.

"That doesn't mean you [ought not to] also have it at many other places on the network, but if you've only got one choice of a place to put it, that's the place you have to have it--all others are optional extras," he explained. "And whilst you have endpoint protection, [the security] software should at least take advantage of a cloud-like service in order to download and install any updates as fast as it can."

However, such a strategy needs to be moderated, added Ducklin. A sensible change control and risk management system demands that the latest security updates, such as fixes and patches, first be validated on a small set--about 5 percent--of the computer population within the network, he explained, and then rolled out to the rest batch by batch.

With a "controlled cloud", updates can be received promptly via the Internet and with proper monitoring, pushed out in a non-instantaneous fashion, said Ducklin.
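The staged rollout Ducklin describes (validate on a small canary set first, then push to the rest batch by batch, halting if monitoring reports a problem) is easy to state but worth seeing as a gated procedure. The following is an added example written for this article, not Sophos' or any vendor's code: the fleet of 40 workstations, the 5 percent canary fraction, the batch size and the `apply_and_check` callback that stands in for real monitoring are all constructed assumptions.

```python
"""Added example: a staged ("controlled cloud") update rollout.

Hostnames, the fleet size and the health-check callback are constructed for
this example; they are not Sophos' or any vendor's code.
"""
from typing import Callable


def plan_rollout(hosts: list[str], batch_size: int, canary_fraction: float = 0.05):
    """Split the fleet into a small canary set (about 5 percent, as in the
    article) and the remaining hosts grouped into fixed-size batches.

    Canary hosts are sampled at a fixed stride through the sorted host list so
    the set is deterministic and spread across the fleet rather than clustered.
    """
    ordered = sorted(set(hosts))
    if not ordered:
        return [], []
    n_canary = max(1, round(len(ordered) * canary_fraction))
    stride = max(1, len(ordered) // n_canary)
    canary = ordered[::stride][:n_canary]
    rest = [h for h in ordered if h not in canary]
    batches = [rest[i:i + batch_size] for i in range(0, len(rest), batch_size)]
    return canary, batches


def run_rollout(hosts: list[str], batch_size: int,
                apply_and_check: Callable[[str], bool]) -> dict:
    """Push the update stage by stage, halting at the first stage whose
    monitoring reports a failure so the bulk of the fleet is never touched by
    a bad update.

    apply_and_check(host) installs the update on one host and returns True if
    the host is still healthy afterwards (a stand-in for real monitoring).
    """
    canary, batches = plan_rollout(hosts, batch_size)
    stages = [("canary", canary)] + [(f"batch-{i + 1}", b) for i, b in enumerate(batches)]
    updated: list[str] = []
    for stage_name, stage in stages:
        results = {h: apply_and_check(h) for h in stage}
        updated.extend(stage)
        failed = [h for h, ok in results.items() if not ok]
        if failed:
            # Stop here: hosts in later stages never receive the bad update.
            return {
                "status": f"halted at {stage_name}",
                "updated": updated,
                "failed": failed,
                "untouched": [h for h in sorted(set(hosts)) if h not in updated],
            }
    return {"status": "complete", "updated": updated, "failed": [], "untouched": []}


# Constructed sample fleet: 40 workstations named ws-00 .. ws-39.
FLEET = [f"ws-{i:02d}" for i in range(40)]


def healthy(host: str) -> bool:
    """Constructed check: every host stays healthy after the update."""
    return True


def breaks_on(bad_host: str) -> Callable[[str], bool]:
    """Constructed check: one named host fails after the update."""
    return lambda host: host != bad_host


if __name__ == "__main__":
    canary, batches = plan_rollout(FLEET, batch_size=10)
    print("canary:", canary, "batch sizes:", [len(b) for b in batches])
    print(run_rollout(FLEET, 10, healthy)["status"])
    r = run_rollout(FLEET, 10, breaks_on("ws-15"))
    print(r["status"], "updated:", len(r["updated"]), "untouched:", len(r["untouched"]))
```

In practice the gate between stages is a soak period during which endpoint telemetry (crashes, failed boots, detection-engine errors) is watched before the next batch is released; the callback here collapses that into a single boolean so the control flow stays visible.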

A spokesperson from Trend Micro's TrendLabs told ZDNet Asia in an e-mail that the scenario described in the Sophos blog post is "just another layer of obfuscation malware authors use to avert security programs" which can be thwarted with multi-layered security.

However, going forward, in-the-cloud antivirus providers such as Trend Micro will require added capability to manage encryption, decryption or "fuzzing" algorithms, the spokesperson added. There also needs to be "tighter integration" with other security components such as firewalls and behavior-monitoring engines.
