Services offered in the cloud range from managed firewalls to intrusion detection/prevention services (IDS/IPS) to antispam/antivirus filtering.
Should you use services "in the cloud?" That's a complex question. They're typically more expensive than do-it-yourself approaches, but the arrangement enables offloading of some of the technical complexity involved in self-managing the services.
Managed security services enable the leveraging of security professionals and their expertise on a large scale, but you'll also lose the comfort of knowing that the "security guys," those who understand and are familiar with your business, are just down the hall.
Personally, I believe that managed security services can play an important role in a "defense- in-depth" strategy that emphasizes a layered approach to security. If such a method fits into your organization's security plan, don't hesitate to use managed services, but supplement them with endpoint security products that protect servers and desktops. For more on this topic, read my tip: Bringing the network perimeter back from the dead.
Related Q&A from Mike Chapple, Enterprise Compliance
The HHS security risk assessment tool is designed to help healthcare providers meet the HIPAA security requirement. Expert Mike Chapple explains how ...continue reading
PCI DSS requirement 6.6 demands application security compliance through one of two options: an application firewall or a code review. Expert Mike ...continue reading
Are HIPAA-compliant hosting services a better option for compliance than a secure storage API? Expert Mike Chapple analyzes.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.