The business threats from social networking web sites

Nigel Hawthorn, EMEA marketing VP for Blue Coat Systems, looks at the current growth in cloud computing and the need for organisations to adopt a real-time cloud computing security service that addresses latency and effectively protects them from malicious threats such as malware, trojans, botnets and phishing attacks.

A cloudy future…

According to a recent report by Forrester titled ‘‘Is cloud computing ready for the enterprise?’’ Cloud computing still remains a genuine web security concern. In theory, it can be more secure than do-it-yourself computing since shared costs allow larger overall investment in security processes and infrastructure. However, worries still remain about access and control over an organisation’s sensitive data.

These days users need to go everywhere – customer sites, partner meetings and remote offices. The applications they need, however, are often locked up in distant, consolidated datacentre or are outsourced entirely. All of this movement conspires to break up the traditional "hub and spoke" network model of the past.

At the same time, application networking is becoming increasingly peer-to-peer, with VoIP for example, requiring low-latency, high-bandwidth connections between any network endpoint. To accommodate this within traditional point-to-point links would require exponential growth in the number of interconnects. This would be impossible to provision, as we know. For relief, many enterprises have turned to "cloud"-shaped networks. A transition, like most in IT, with some interesting side-effects.

For example, what if you want to connect directly to the Internet? The price is definitely right, and getting all of that Internet back-haul off your WAN is very appealing. The traffic is going there anyway, why not let the Internet carriers pay to move it around? Unfortunately, the security and routing issues are as serious as they are daunting. You'll have to make sure that nothing nasty gets in, such as malware and phishing attacks. Furthermore, any application-layer security or web access controls you've set up in at the datacentre gateway will have to be replicated, distributed, and centrally managed. Quite a tall order.

The latency issue…

Regardless of the type of cloud an organisation chooses, one key issue remains increased latency. Many of the applications commonly used at the branch, such as email and file services, are notoriously sensitive. To address latency in the cloud, there are options. Generally, they fall into one of two categories – fix the application with caching, compression and protocol optimisations; and/or application prioritisation.

The ultimate goal in compression and optimisation is to reduce traffic entirely. New forms of caching and inline compression can dramatically reduce the bandwidth needed to service applications. Bandwidth, network latency, and application performance aren't directly related, but if you can avoid transmitting data at all you save user time, along with time on the wire. Some applications, file services, email and even web applications can be intercepted and re-worked. These protocol optimisations, combined with caching and compression, can provide startling improvements. Overcoming such latency challenges is what's making WAN Optimisation such a hot market. While some latency is unavoidable, you can do something about packets sitting around waiting for bandwidth. Latency caused by distance and network congestion are the first bottlenecks to avoid.

A silver lining for organisations…

Organisations need to find economies of scale in their security models that rival the efficiencies of hackers. Call it building a moat for the villagers to protect them from the barbarians at the gate. Otherwise, this will remain a one-sided battle that just gives hackers more appealing targets. However, there is now a shinning light in the cloud. Organisations can now access a multi-layered defence service that addresses the latency issue and protects customers from new sources of malicious threats such as malware, trojans, botnets and phishing attacks. There are now solutions available, such as WebPulse, a cloud based security service from Blue Coat Systems, which analyses more than 150 million web requests a day to create a community in which the discovery of malware by one member is shared with all. The service also creates a community that reviews more web content and utilises more defences than a single company could cost effectively manage. It also provides enterprises and consumers with a real-time rating to analyse newly published or previously unrated web content and includes a background rating process that utilises multiple threat detection engines and machine analysis of web content. Furthermore, Web Pulse offloads the web gateway from analysing all web content and efficiently blocks dynamic web requests to malware hosts hidden in popular and trusted web sites.

It is clear that the convenience of cloud networks is too much to resist. Yes, a little extra latency must be overcome and additional common-sense security is required to protect from malicious attacks. But it's nothing a network manager can't overcome – if they can spare the time from filling out all those point-to-point cancellation forms, there just might be a glimmer of light shining through the cloud for organisations as policy-based prioritisation becomes even more critical.