Why web security is best served in the cloud

Abrahams Accessibility Peter Abrahams 7th February - Android: Ice Cream Sandwich Accessibliity

The Norfolk Punt David Norfolk 7th February - BCS CMSG Conference 2012

MWD Advisors Neil Ward-Dutton 3rd February - Developing process applications: a place for everything, and everything in its place

Fern Halper Dr Fern Halper 31st January - Four Vendor Views on Big Data and Big Data Analytics: IBM

Bloor Security Blog Fran Howarth 30th January - Getting ahead in the cloud

Bloor IM Blog Philip Howard 25th January - Cassandra and Hadoop

Blogs > Bloor Security Blog

By: Fran Howarth, Practice Leader, Bloor Research
Published: 19th February 2010
Copyright Bloor Research © 2010

Most business today is conducted electronically, with the internet a prime communications mechanism and resource for finding and sharing information. Yet its importance makes it a prime vector of attack for hackers that are looking to steal information for commercial gain. Because of this, malware threats are actually on the rise after years of tailing off. The 2009 CSI computer crime and security survey recently reported that malware attacks had been experienced by more than 64% of respondents in 2009, up from 50% in 2008, and making this the most prevalent type of attack seen.

Not only are attacks rising in number, but they are also becoming more complex and sophisticated. The number of variants of particular samples of malware is increasing dramatically and hackers are increasingly using blended mechanisms to make their attacks more effective, for example, using a combination of email and web exploits to increase their chances of success.

Traditional malware defences struggle to cope. Vendors struggle to write fixes for new malware variants as they come to light and end-user machines need to be regularly updated so that they have the latest protection. That can be an administrative nightmare if an organisation tries to handle web security issues in-house.

A better strategy can be to outsource the service to experts--and especially those offering software-as-a-service offerings based in the cloud. Such services are backed up by resource centres staffed with researchers who are constantly looking for the latest threats and scanning websites for potential exploits. By using advanced techniques, such as heuristics that look for particular behaviour associated with malware, rather than trying to fix a problem with a signature, so that previously unseen threats can be stopped in their tracks.

And the use of a service based in the cloud means that those threats can be stopped at there point where they are emanating from--the web--so that no exploits actually reach an organisation's network. This not only has the benefit of better protection against web-based threats, but can also mean lowered costs for the organisation as the service is delivered on a subscription basis, meaning there is no capital expenditure required on software licences and the hardware needed to run them.

This subject is discussed in greater detail in a series of papers, of which this is the first: The realities of web security

Reader Comments

We automatically stop accepting comments 180 days after a post is published. If you would like to know more about this subject, please contact us and we'll try to help.

24th February 2010: 'HN' said:

This piece makes very little sense. Use of heuristics is ancient news in the AV sector, and the appeal to cloud as the malware answer ignores the obvious problem - these attacks are by and large aimed at end-user desktop PCs that will persist no matter how much business logic and application support you outsource. Is it the author's contention that my office somehow just has no systems left to target, post-cloud?

Reply to HN?