Is It Time To Offload IT Gateway Security To A Cloud?

In 2008, Gartner research reported that 16,000,000 unique pieces of malware were cycling over the Internet. The Gartner estimate for 2009 was that the malware population would double. The report came at a time when Web 2.0 collaboration was (and is) allowing many different people to blog on  social networks and even highly trusted Websites, so that neither the Websites/social networks nor the companies whose employees access these Websites or social networks know for sure if the source  of information is safe.

Managing the security risks that multiply with technologies like Web 2.0 comes at a time when Gartner estimates that less than 30 percent of organizations have devised or implemented effective malware-fighting strategies.

"The impact of Web 2.0 on malware control is significant because browsers are now becoming much more complicated and powerful," said Peter Firstbrook, Secure Business Enablement Research Director for Gartner. "There are all kinds of browser plug-ins like Flash and Adobe. On top of this, there has been a shift to more content services like Twitter and wikis. There are so many more channels for people to link into data, and you can't always rely on a host domain to ensure that malware isn't being passed to your corporate networks."

A case in point is May 21, 2009, when Gartner reported that 500,000 Websites were infected with malware in a single day, including 75 percent of Websites that enterprises would normally consider to be reputable. "It is clear that the traditional "blacklist" environment, where you simply block certain URLs  and AV (anti-virus) signatures, can't keep up with this  kind of activity," said Firstbrook.      

At the other end of the spectrum are organizations that go so far with their security measures that their workforces can no longer access Websites that are relevant to their daily work. "We have three dedicated proxy servers for URL filtering," said Bart Louwagie, Director of IT for Ulster-Greene ARC, which provides programs for individuals with disabilities and has 35 distributed locations.  "Because we deal with health insurance, we were also having to backhaul Web-based communications through a VPN (virtual private network)."Unhappy with the upkeep of URL site monitoring and blocking--and aware of  user dissatisfaction with the inability to access  legitimate Websites that had been blocked, Ulster-Greene  made the decision to turn to a cloud-based  solution that offloaded the security responsibility for malware to  Zscaler,  a SaaS (software as a service) provider.  "The move to cloud security gave us integrated, comprehensive functionality with consolidated, real-time reporting. It reduced IT overhead, delivered greater satisfaction to our business users, and improved response time for our remote sites, since traffic backhauling was eliminated," said Louwagie. "It was easy to answer management questions, such as a concern about an employee's online behavior. Most importantly, the move to the cloud allowed us to refocus our resources to the strategic values of IT in our business."   

Zscaler's approach to Web security protection is focused on the gateway, not the server. "We looked at what people were doing with proxy architecture with Web 1.0 and the throughput requirements weren't that high," said Manoj Apte,  Zscaler Vice President of Product Management. "Our idea was to take Web security to the Cloud instead of to a box deployed for an enterprise. This gave us many more opportunities to tune the product. There was no longer any need for onsite logging, or for a user interface, because the application was no longer standalone. All you really need is a policy manager and the ability to scan and log. We run all our work in RAM (random access memory), and never touch a hard drive. This gives us up to a 1000x performance improvement over standard enterprise logging facilities."

The improvement in speed is important because a large organization can accumulate 100 gigabytes of logs per day. "These are a lot of logs to store, and using system logs is a wasteful way of storing these," said Apte. "With indexing and compression we can reduce these logs so that a normal transaction proxy log, which is in the range of 500 bytes long, is ten bytes. We can reduce a URL log of 170 bytes to four bytes."

Enterprises that have jumped on the SaaS security concept are still considered early adapters, but as the growing malware risk combines with green data center initiatives, the idea of being able to eliminate proxy servers, reduce IT malware patrol time and offload security protection to specialists is more inviting. "There are five primary functions that malware security must address: URL filtering, malicious code filtering, Web 2.0 application control, data loss prevention and effective reporting," said Gartner's Firstbrook. "A SaaS approach offers proactive security that is scalable and easy to deploy. It's one of the reasons why we're predicting that 25 percent of the enterprise security gateway market will be using SaaS by 2012."