EXPERT RESPONSE
The term "in the cloud" refers to outsourced managed security services run by external providers or managed security service providers (MSSPs). These services are identified as such because most network diagrams use a picture of a cloud to represent anything beyond a company's perimeter router, such as the diagram below:
Services offered in the cloud range from managed firewalls to intrusion detection/prevention services (IDS/IPS) to antispam/antivirus filtering.
Should you use services "in the cloud?" That's a complex question. They're typically more expensive than do-it-yourself approaches, but the arrangement enables offloading of some of the technical complexity involved in self-managing the services.
Managed security services enable the leveraging of security professionals and their expertise on a large scale, but you'll also lose the comfort of knowing that the "security guys," those who understand and are familiar with your business, are just down the hall.
Personally, I believe that managed security services can play an important role in a "defense- in-depth" strategy that emphasizes a layered approach to security. If such a method fits into your organization's security plan, don't hesitate to use managed services, but supplement them with endpoint security products that protect servers and desktops. For more on this topic, read my tip: Bringing the network perimeter back from the dead.
More information:
A reader asks expert Michael Cobb, "What is the average cost of a managed security service provider?"
Learn how some security managers are looking to the keepers of the Internet cloud for relief.
|
