Cloud Security

Posted on 16. Mar, 2010 by Katonda News Network

Cloud computing is acknowledged as a new delivery model for IT services based on the Internet (represented in diagrams as a cloud… hence the cloud part). It typically involves the provision of scalable, often virtualized storage, server and communications resources provisioned as a service over the Internet.

In the cybercriminal community, we see a cunning use of the cloud for dynamic threats – targeted, typically short-lived, using Web 2.0 techniques that rely upon dynamic links to spread malicious content, steal identities and money. 90% of malware comes from hidden download pointers in trusted and popular Web sites and each day in 2009, 15,000 new web pages were infected with malware1. Now, there are billions and billions of web pages, many of which – from news pages through blogs or search engine results – change literally in real time.

With a cybercriminal community busily injecting relays and malware through dynamic links, traditional reputation-based methods and definitions that download daily can’t hope to keep up.  However, just as criminals can use the cloud to obfuscate their attacks, we should consider one very obvious strength of its Internet foundation – the community of over 1billion users that are united over the web.

If, as soon as an attack is seen by one person on the web, that person could inform everyone else there would only be one victim.  The criminals would find that it doesn’t pay and move onto more lucrative crimes.  What we need is a cloud-based system that tells us about existing threats and dynamically investigates new web pages on behalf of everyone working constantly with real-time intelligence on new sites, URLs and dynamic Web 2.0 content and links. Of course the best way to gather that intelligence is from a broad, diverse and expanding community, connected by, you guessed it, the cloud. As a community under collective threat, we can take a collective responsibility. With cloud computing, we now have a mechanism for sharing that intelligence, sent anonymously into the cloud.

As security vendors, we can make great use of the breadth and immediacy of this intelligence and use dynamic link analysis to rate it in real time and make those results immediately available to all users in the community through a cloud service without requiring downloads. Blue Coat pioneered this concept before cloud computing had a name, so as we go forward into 2010, this is now a mature, secure leverage of cloud computing for web filtering and anti malware layers of your new defense. Pay attention to how large a community you’ll be part of and how diverse that community is. Remember, the larger and more diverse the community, the sooner we’re likely to encounter a new threat and the sooner that public spirit is shared with the community.

It makes sense to unite the power of the community as an input to a cloud-based ratings service, and leverage the cloud service as a delivery mechanism to update the filtering or scanning elements of your security layers as close as possible to real time. Depending on what makes sense operationally, the technology that acts on this intelligence may be a laptop client, free consumer application or a dedicated, high performance appliance or some other hybrid deployment.

As we enter 2010, more choices of what can be done in the cloud as a service will present themselves. The cloud will become relevant and progressively influence each layer, but only after you have weighed up the operational and cost benefits with the security, privacy and performance considerations. Clearly, some options such as community-driven cloud-delivered ratings should be considered right now, to defend against the clear and present danger of Cybercrime 2.0. But as 2010 progresses, keep your options open but keep your eyes even more open and evolve your new defenses to be open to cloud computing, in an increasingly cloud-based hybrid approach.

By Dave Ewart, Senior Product Marketing Manager, Blue Coat

Blue Coat is exhibiting at Infosecurity Europe 2010, the No. 1 industry event in Europe held on 27th – 29th April in its new venue Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk