Security Vendors Have Their Heads in the Clouds

Carl Weinschenk

Security is a perfect candidate to relocate into the cloud. It is something that requires special expertise, it moves quickly -- updates must be pushed out with increasing speed to keep ahead of the dark side -- and the amount of data that must be stored in the form of signature files is great and growing.


I wrote about SaaS -- often referred to as "the other SaaS" since the overall category is software-as-a-service -- last month. Let's call it security software-as-a-service (SSaaS). Clever use of cloud computing enables more firepower to be brought to bear more quickly on an intruding and offensive bit of code.


The fight against malware is escalating. Dark Reading describes the angst felt by Panda Soft. The firm said that from 2006 to last year, 300,000 malware samples were catalogued; so far, 2.5 million have been in 2008. About 200,000 new threats per month are being found, equal to 60 to 80 megabyte signature files.


Those facts and others like them are, needless to say, overwhelming. The story notes that in addition to the sheer numbers, the savvy of the malware writers is causing more bad code to go undetected. The company has responded by including a cloud computing element in its 2009 product family. The writer says McAfee and Symantec also are using cloud approaches.


A fourth company -- at least -- climbing on the SSaaS bandwagon is F-Secure. The company announced late last month that it is offering a program, Quick Start, that will be part of F-Secure Protection Service for Business. The service is available in North America now. It includes trial, training and activation of the service within a 10-day window.


The interesting thing about this piece outlining the advantages of SSaaS is that it doesn't emphasize the volume of viruses and other forms of malware. The emphasis here is on the growing complexity of attacks and the fact that SMBs are short-handed and even larger companies often are stressed. The writer points out that SSaaS providers offer a menu of security services. The case for SSaaS is persuasively made by Panda's Ryan Sherstobitoff. He says that it is impossible to keep up with the high volume of threats and that the stress has led to a "breakdown in the quality and effectiveness" of the technology used to combat viruses. He points to other business and technical shortcomings of the traditional approaches. He concludes that SSaaS is the answer, and that it already is gaining popularity among SMBs.


Security-as-a-service clearly is an important approach in the battle against viruses and other malware. It and the separate but related blacklisting approach, in which bad code is put on a list, disallowing it from entering the network, will work together as the next generation of malware fighting evolves.

Add Comment      Leave a comment on this blog post
Sep 24, 2008 1:42 AM Lance Hooper Lance Hooper  says:
Another perfect fit for Security SaaS is managed public key infrastructure (PKI) for email encryption and data encryption applications. One of the major historical critisms of traditional PKI systems is that they were expensive to implement and operate. When offered as a cloud-based managed service, enterprises can take advantage of trusted PKI and S/MIME technologies that rely on standards-based X.509 certificates at a fraction of the cost relative to an in-house system. Echoworx ( has been doing this for the past 5 years; Verisign (, Entrust ( and a host of smaller vendors have also entered this arena recently. Reply
Sep 25, 2008 12:41 PM Bruce Nachman Bruce Nachman  says:
Agreed - lot's of players in the space including Protexx, Inc. (a WidePoint Company). One of the problems amongst the potential enterprise users is "trust". Lot's of big bucks in hard/software spent to shore up the firewall, etc., with little "trust" in a standard that has proven itself abroad for a long time and really works well. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.