Choosing the cloud
Security-as-a-service (SaaS) reduces costs and complexity, but there are hybrid options for those who want the hands-on experience as well.
Jonathan Wilkinson, director of hosted security at Websense, speaking at last week's ITWeb Security Summit, explained that SaaS is e-mail and Web security delivered in the cloud. Due to the nature of this type of security, there are numerous advantages, according to Wilkinson, but some barriers to its adoption also exist.
Wilkinson said one of the first problems in the take-up of SaaS is that people don't realise the full extent of the risk their data faces.
“Part of the problem is painting a picture to know the full extent of the problem.” He explained that many people have the mentality of “if it ain't broke, don't fix it”. They don't see any flaw in the security they have already. “They may think their e-mail stops spam quite effectively so they ask themselves why they need anything else.”
Wilkinson said simple filters were fine before, because malware was attached to the e-mail, but now there are links that are in the e-mail that leads the user to another site, which harvests their confidential data, such as bank account details.
He added that the sites look authentic and secure, and cyber criminals choose the popular sites that get the most traffic.
“And people are just itching to press that link. Now they [phishers] even send a second e-mail with a patch and tell you to click on the patch, acting like the good guys. They're targeting the people who didn't click the first time.”
Wilkinson said with SaaS this risk is decreased, as traffic is routed through data centres and filtered before reaching the network.
He added that the move to the cloud ensures the business is protected against modern threats and risks, while reducing cost and freeing up IT time.
Apart from protection against converged Web and e-mail threats, Wilkinson said SaaS prevents data loss and ensures acceptable use where outbound data leaks are a serious concern.
An additional advantage is that cloud computing can be tested first without having to purchase any hardware or software, according to Wilkinson.
He made note of some barriers to adoption of the cloud.
People still have concerns around privacy and are wary of the cost structure. Wilkinson said the Internet is inherently insecure. “So the cloud is no less secure than your e-mail today. There is added encryption value to reduce or prevent interception. So I may say that the cloud is more secure.”
He also made note of a perceived loss of control that stops adoption of the cloud, but said that control can be retained.
When deciding whether to go with a hands-on or hands-off (cloud) solution, Wilkinson said: “It's a different answer for everybody. So you must see what the vendors can offer you.”
If choosing SaaS, there are certain factors that must be taken into consideration, according to Wilkinson. Among them are ensuring the vendor has a proven record in security, getting a single management console, and demonstrable integration for threat detection.
He added there are hybrid options where customers can get the best of both worlds.