Services offered in the cloud range from managed firewalls to intrusion detection/prevention services (IDS/IPS) to antispam/antivirus filtering.
Should you use services "in the cloud?" That's a complex question. They're typically more expensive than do-it-yourself approaches, but the arrangement enables offloading of some of the technical complexity involved in self-managing the services.
Managed security services enable the leveraging of security professionals and their expertise on a large scale, but you'll also lose the comfort of knowing that the "security guys," those who understand and are familiar with your business, are just down the hall.
Personally, I believe that managed security services can play an important role in a "defense- in-depth" strategy that emphasizes a layered approach to security. If such a method fits into your organization's security plan, don't hesitate to use managed services, but supplement them with endpoint security products that protect servers and desktops. For more on this topic, read my tip: Bringing the network perimeter back from the dead.
This was first published in December 2007