A vendor just released what it calls a "cloud-based endpoint security solution" for the enterprise. I've seen a number of similar offerings recently that offer network scanning, configuration management and the like, but I'm concerned about things like availability, latency and, frankly, overall reliability. Is this the wave of the future, or do I have a legitimate concern with any cloud endpoint security service that promises to secure enterprise endpoints?
I am a big fan of cloud-based security services and while I haven’t used such a product for endpoint security yet, there isn’t any inherent reason to avoid them. In fact, I would not be surprised to see these sorts of cloud security services become commonly used by enterprises in the coming years. I’ve already seen some successful deployments of cloud-based vulnerability scanning and log monitoring products and I suspect endpoint management might be next.
First of all, it’s important to consider what part of the endpoint product actually resides in the cloud. When dealing with endpoint security, organizations must have some agent present on the remote device to provide robust antivirus, firewall and other security controls. Unless there’s some major breakthrough in security technology, this requirement won’t go away. It also resolves the latency and availability issues that are common if the actual scanning is occurring on the endpoint.
Management of these products is where the cloud holds great potential. In my opinion, security professionals spend too much time tinkering with security products to make them work properly; as a result, they don’t get to spend enough time on valuable activities such as analyzing suspected intrusions and proactively designing security controls. By leveraging economies of scale, cloud-based providers can reduce the total amount of time spent tinkering and clear these mundane activities from the plates of the folks “on the ground.”
Imagine if an enterprise never had to upgrade its malware management system again. Instead of spending time installing software patches and maintaining hardware, it would be able to spend that time using a cloud-based console to analyze malware trends within the organization; identifying and remediating the root causes of infections. That’s my kind of world!
This was first published in January 2012