In a podcast published on its website in November 2009, Internet security firm Sophos concludes that desktop security products can never be fully replaced by hosted services. Our article below examines the issues surrounding cloud computing and this claim by Sophos.

If you have ever spent time in the same room as a network engineer, a whiteboard and a marker pen, you will already be familiar with the concept of the Internet cloud. These days, it is the central point of most network diagrams and it’s typically the first thing an artistically-challenged techie likes to draw. (He remembers its shape as being “a sheep with no legs”).

A build up of cloud

Cloud computing is a term that describes our increased reliance on hosted applications and services. It refers to the things that take place inside that virtual cloud such as the use of hosted email systems and other applications which may allow you to access and modify data online.

The cloud computing model offers numerous benefits as it removes the need to install and manage one’s own applications. Email providers such as Yahoo, Googlemail and Hotmail are all good examples of this. Users simply access their messages via a website and let somebody else take responsibility for maintenance, redundancy and backup.  These systems are often free and give the user the flexibility to access applications from any location.

The uses of cloud computing are not limited to email. Other services - generically referred to as SaaS or Software as a Service - include online word processing, CRM applications and hosted security products.
 

Indeed, a much overlooked point with SaaS products is the implicit trust a user places in his or her service provider. In the Sophos podcast, Paul Ducklin, Head of Technology in Asia Pacific, describes how many companies should differentiate between crucial and non-crucial data. He comments that whilst some businesses may allow staff to use external services like MSN for non-critical communications rather than running their own messaging servers, they would be wise to hold “trophy data” on servers that they own and operate themselves.

Security and cloud computing

Security vendors already assume their customers are regularly connected to the Internet as they generally utilise this medium to deliver virus updates and security policy rules. However, Ducklin describes the vision of all antivirus and security software residing in the cloud as a pipedream.

He said: “SaaS or cloud computing is not a panacea. It brings some very significant benefits especially for small businesses but there are concomitant risks which it would be foolish to ignore.”

Ducklin feels that as long as a browser such as Internet Explorer is required to access SaaS products, desktop security products will be needed to prevent the exploitation of system vulnerabilities. He points out that data is usually introduced to the cloud through a computer in the first place (from digital camera or other external device) and concludes that as long as our PCs are transitioning data in this way, local security software will remain essential to protect against malicious code and inadvertent data loss.