'Controlled cloud' the way to go for security
Paul Ducklin, head of technology for the Asia-Pacific region at Sophos, told ZDNet Asia in a phone interview that the cloud "is something that will improve existing mechanisms for protection" as it can block access to harmful Web sites or retrieve updates in real time.
But relying solely on a service in the cloud is not something enterprises and individuals can afford to do. "The cloud isn't always there, no matter how incredibly connected you are," he pointed out, adding that there will be times when PCs are not connected due to flights, train rides or simply because there isn't a need to log on to the Internet.
"During those times you [still] want protection to continue--you want that protection to continue when someone plugs their USB drive or mobile phone into your computer so you can look at photographs and maybe pick up something along the way," said Sydney-based Ducklin. For instance, the Conficker worm used the USB drive as its primary attack vector, he noted.
In addition, users need protection when downloading content from the Internet that may be encrypted in transit, so that an external party sitting between the user and the server is "not able to scan inside it by design".
In-the-cloud protection also may not be able to stop malware from arriving on your computer, as with a case highlighted in a blog post last month. Ultimately, said Ducklin, a defense-in-depth approach is ideal, but if protection can be placed in only one location, it should be at the endpoint--be it a desktop, notebook or server.
"That doesn't mean you [ought not to] also have it at many other places on the network, but if you've only got one choice of a place to put it, that's the place you have to have it--all others are optional extras," he explained. "And whilst you have endpoint protection, [the security] software should at least take advantage of a cloud-like service in order to download and install any updates as fast as it can."
However, such a strategy needs to be moderated, added Ducklin. A sensible change-control and risk-management process demands that the latest security updates, such as fixes and patches, are first validated on a small set--about 5 percent--of the computer population within the network, he explained, and then rolled out to the rest batch by batch.
With a "controlled cloud", updates can be received promptly via the Internet and, with proper monitoring, pushed out in a staged rather than instantaneous fashion, said Ducklin.
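The staged rollout Ducklin describes, as an added example that is not part of the original article and not Sophos code: roughly 5 percent of the fleet forms a pilot ring, the remaining hosts are split into batches, and each ring must pass a health check before the next ring is touched. The host names, the health check and the failure threshold are constructed for illustration; in practice `apply_update` and `health_ok` would wrap the management console's API and a post-patch check (service up, no crash reports, signature version as expected).

```python
"""Staged ("controlled cloud") security-update rollout.

Added example for illustration only; not Sophos code. Host inventory and
health-check outcomes are constructed.
"""
import math
import random
from typing import Callable, Dict, List


def plan_rollout(hosts: List[str], canary_percent: int = 5,
                 batch_size: int = None, seed: int = 0) -> List[List[str]]:
    """Split hosts into rings: [canary, batch1, batch2, ...].

    The shuffle is seeded so the plan is reproducible and auditable.
    canary_percent is an integer to avoid floating-point rounding surprises.
    """
    if not hosts:
        raise ValueError("empty host inventory")
    order = list(hosts)
    random.Random(seed).shuffle(order)
    n_canary = max(1, math.ceil(len(order) * canary_percent / 100))
    canary, rest = order[:n_canary], order[n_canary:]
    if batch_size is None:
        batch_size = max(1, len(rest) // 4)  # remainder in roughly four waves
    batches = [rest[i:i + batch_size] for i in range(0, len(rest), batch_size)]
    return [canary] + batches


def run_rollout(hosts: List[str],
                apply_update: Callable[[str], None],
                health_ok: Callable[[str], bool],
                canary_percent: int = 5,
                max_failure_rate: float = 0.0,
                batch_size: int = None,
                seed: int = 0) -> Dict:
    """Push the update ring by ring, halting before the next ring if the
    current ring's failure rate exceeds max_failure_rate.

    Returns which hosts were updated, which failed their health check, and
    which were never touched (pending), so an operator can roll back or
    investigate before resuming.
    """
    rings = plan_rollout(hosts, canary_percent, batch_size, seed)
    updated: List[str] = []
    failed: List[str] = []
    for ring_no, ring in enumerate(rings):
        for host in ring:
            apply_update(host)
        bad = [h for h in ring if not health_ok(h)]
        failed.extend(bad)
        updated.extend(h for h in ring if h not in bad)
        if len(bad) / len(ring) > max_failure_rate:
            pending = [h for later in rings[ring_no + 1:] for h in later]
            return {"status": "halted", "ring": ring_no,
                    "updated": updated, "failed": failed, "pending": pending}
    return {"status": "complete", "ring": len(rings) - 1,
            "updated": updated, "failed": failed, "pending": []}


if __name__ == "__main__":
    # Constructed 100-host inventory; host ws-042 is assumed to break on update.
    fleet = [f"ws-{i:03d}" for i in range(100)]
    log: List[str] = []
    result = run_rollout(fleet, log.append, lambda h: h != "ws-042")
    print(result["status"], "at ring", result["ring"],
          "updated:", len(result["updated"]),
          "failed:", result["failed"],
          "pending:", len(result["pending"]))
```

With the default threshold of zero, a single unhealthy host stops the rollout at whichever ring contains it; hosts in later rings are reported as pending and never receive the update until an operator decides to resume. Raising `max_failure_rate` trades that strictness for speed, which is the moderation Ducklin is describing.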
A spokesperson from Trend Micro's TrendLabs told ZDNet Asia in an e-mail that the scenario described in the Sophos blog post is "just another layer of obfuscation malware authors use to avert security programs", which can be thwarted with multi-layered security.
However, going forward, in-the-cloud antivirus providers such as Trend Micro will require added capability to manage encryption, decryption or "fuzzing" algorithms, the spokesperson added. There also needs to be "tighter integration" with other security components such as firewalls and behavior-monitoring engines.
This article was originally posted on ZDNet Asia.
Talkback
Won't happen!
The likes of the sleazy, slimy, unethical companies promoting cloud computing have just about ensured cloud computing will never happen.
Would you trust your data to the point of allowing complete control of it to a company like Google, who has demonstrated they have no problems turning it over to whomever threatens them on a given day? I don't think so!
Eddy-ICUR12, 30th Mar 2009
RE: 'Controlled cloud' the way to go for security
The article talks about security as if it were one or two tasks to be done--either in the cloud or otherwise. It turns out that securing one or two aspects of an operation is a pure waste of money. This is like locking the front door of a house and leaving the back doors and windows open. The right way to think of security is to understand the overall business and make sure that the entire operation and its threats are understood. After that, the security budget needs to be allocated to the different areas according to their importance.
It is, of course, natural for certain functions to be done in the cloud and others to be done at the end point, and there may be others that actually need to be done on-premise at the network itself. The cloud does add a lot of resources, as well as expertise, to the securing of an enterprise, but understanding the business is the most important factor. If I had a very limited budget, for example, I would make sure that the most important business application was secured first. Wouldn't you?
Taher Elgamal
Chief Security Officer
Axway
TaherElgamal, 31st Mar 2009