Security is a perfect candidate to relocate into the cloud. It is something that requires special expertise, it moves quickly -- updates must be pushed out with increasing speed to keep ahead of the dark side -- and the amount of data that must be stored in the form of signature files is great and growing.
I wrote about SaaS -- often referred to as "the other SaaS" since the overall category is software-as-a-service -- last month. Let's call it security software-as-a-service (SSaaS). Clever use of cloud computing enables more firepower to be brought to bear more quickly on an intruding and offensive bit of code.
The fight against malware is escalating. Dark Reading describes the angst felt by Panda Soft. The firm said that from 2006 to last year, 300,000 malware samples were catalogued; so far, 2.5 million have been in 2008. About 200,000 new threats per month are being found, equal to 60 to 80 megabyte signature files.
Those facts and others like them are, needless to say, overwhelming. The story notes that in addition to the sheer numbers, the savvy of the malware writers is causing more bad code to go undetected. The company has responded by including a cloud computing element in its 2009 product family. The writer says McAfee and Symantec also are using cloud approaches.
A fourth company -- at least -- climbing on the SSaaS bandwagon is F-Secure. The company announced late last month that it is offering a program, Quick Start, that will be part of F-Secure Protection Service for Business. The service is available in North America now. It includes trial, training and activation of the service within a 10-day window.
The interesting thing about this piece outlining the advantages of SSaaS is that it doesn't emphasize the volume of viruses and other forms of malware. The emphasis here is on the growing complexity of attacks and the fact that SMBs are short-handed and even larger companies often are stressed. The writer points out that SSaaS providers offer a menu of security services. The case for SSaaS is persuasively made by Panda's Ryan Sherstobitoff. He says that it is impossible to keep up with the high volume of threats and that the stress has led to a "breakdown in the quality and effectiveness" of the technology used to combat viruses. He points to other business and technical shortcomings of the traditional approaches. He concludes that SSaaS is the answer, and that it already is gaining popularity among SMBs.
Security-as-a-service clearly is an important approach in the battle against viruses and other malware. It and the separate but related blacklisting approach, in which bad code is put on a list, disallowing it from entering the network, will work together as the next generation of malware fighting evolves.