It’s no surprise that security, like every other area of IT, is now shifting to the cloud. Or in some cases, components of it are becoming cloud-based. Analysts agree that it’s a big market. Gartner has predicted that the cloud-based security services market, which it defines as secure email or web gateways, identity and access management (IAM), remote vulnerability assessment, and security information and event management, will hit $4.13 billion (US) by 2017, and Global Industry Analysts, Inc., puts the market at $5.6 billion by 2020.
The reasons are simple: the cloud provides the infrastructure to do much more than many businesses, particularly small and medium-sized organizations, have the capacity to even dream of. And it does so in a cost-effective, scalable way, with state-of-the-art technology that’s automatically kept up to date without user intervention.
Security in the cloud can range from a complete service to an enabler of on-premises services. It’s being used in the latter capacity today, in fact, by many of the major security vendors, who have mostly stopped delivering the increasingly large daily signature files that have caused IT so many headaches, in favour of hybrid solutions that refer to their cloud-based databases.
The move is driven in part by the speed with which malware is developed and distributed. Vendors have discovered that they can do a better job of detecting and disseminating information about threats by leveraging the power of the cloud. In the cloud, they can house the huge volume of data about threats, and can instantly make it available to their users. When something suspicious is detected on a system, it can be passed to a cloud-based analytic engine that examines it, decides if it’s malicious, and takes appropriate action. Then information about that new threat is immediately available to all other subscribers to the service. With the trend towards targeted attacks, that agility could prevent a major incident.
Security-as-a-service has many faces. Some vendors focus on one aspect of the problem, such as protecting websites, guarding endpoints, scanning email, or monitoring network traffic for anomalies. Others take a full-service approach, reaching from endpoint to edge. They use a variety of techniques, including looking at the reputation of senders or websites to attempt to block known malicious sources. They analyse the headers and content of incoming emails, examine embedded links, and dissect attachments, as well as doing the more traditional scanning activities.
But security-as-a-service isn’t only about blocking malware and other attacks. It’s just as important to have a robust system for authenticating users so that the right people get the right data at the right time. A number of vendors, including Microsoft, are making their authentication systems, such as Active Directory, available in the cloud. That not only provides a scalable solution that doesn’t require internal servers, it also enables single sign-on to both internal systems and cloud services such as Salesforce. And look at the plethora of other security necessities, such as encryption, risk assessment and data loss prevention, and you’ll see clouds in their future as well.