Although identified by Gartner as a top ten IT strategy for 2011, cloud technology has yet to realise its full potential in corporate IT departments - the promise of increased flexibility and scalability provided by the cloud is offset by ongoing concerns about the security of corporate data. So it is ironic that the cloud represents one of the most exciting and promising new channels for the development and use of anti-malware software.
A good fit for IT security
Cloud computing is an effective method for performing a number of IT security tasks associated with protecting users. First of all, cloud computing allows parallel data processing, i.e. it is ideal for tasks which can be divided into several parts and processed simultaneously, thus getting quicker results. This is crucial for current antivirus products.
In order to analyse a suspicious program it must be checked against lists of malicious and security software as quickly as possible. If this does not yield results, it must be compared to the signatures of known threats, its code must be scanned for dangerous instructions and its behaviour must be examined in an emulator.
All of this research can be performed in parallel. Some processes can even be divided into even smaller parts, for example, database searches. Cloud analysis has a great advantage over analysis performed on a local machine as it allows all of the required detection technologies to be used, having first distributed them between several computers for analysis, thus providing faster and more qualitative research.
Additionally, cloud data processing is ideal for reducing the load on a local machine. This task – reduction of resource usage – is important for antivirus developers.
Data processing using cloud services also contributes to the accumulation of extremely valuable information. This feature is also important in combating IT threats. The harvested information is necessary for the immediate neutralisation of all known threats, as well as for the detailed analysis of new malicious programs and the development of antivirus solutions.
There must be a continuous exchange of data between the cloud and the numerous local machines running security products. Local computers provide information about current threats which are analysed and neutralised using the cloud’s enhanced computing power, providing a continuous stream of information. Should a new threat appear on just one local machine, protection can be developed immediately and delivered to the other computers connected to the cloud. The bigger the cloud in terms of the number of local machines connected to it, the higher the security level.
Making the right antivirus decision
Antivirus products should incorporate all of the above-mentioned advantages of cloud computing: rapid, deep, parallel data processing, reduction of load on local computers and constant accumulation of valuable information about IT threats.
Information about malicious programs, spam, phishing resources and other threats, as well as safe programs, should be processed and accumulated in the cloud. This information allows antivirus solutions to provide full control over suspicious programs on users’ computers without impeding the operation of a user’s safe software. Suspicious programs should be checked against a list of malicious and trusted software. A scanning system based on digital imprints is a much faster method than signature-based scanning.
The use of information from the cloud, in addition to detection results from local machines, should minimise the number of false positives. The response time to new threats should then decrease because the cloud service immediately receives information about any newly emerging threats, analyses it quickly, develops the necessary protection tools and delivers them to users’ computers.
Many IT departments still approach the cloud with caution. By recognising the part it can play in an IT security strategy, they can benefit from highly effective parallel computing and instantaneous data exchange, and the subsequently enhanced quality of protection.
ABOUT MALCOLM TUCK
Malcolm joined Kaspersky Lab as Managing Director of their UK Operations as of Aug2008. Malcolm has lead IT products and services based organizations through various stages of growth, from initial establishment to regional deployments in Europe and Asia Pacific. This has enabled him to gain valuable experience in identifying what is required to enable a fast paced business to be successful, attract the right personnel and build long term client/partner relationships that are outcomes orientated.
Starting his career as an Avionic Engineer in the Royal Air Force, Malcolm moved to New Zealand and into Information Technologies with IBM in 1990, he then moved to the role of General Manager of Services for Sun Microsystems ISO in New Zealand then on become Chief Executive Officer for a Systems Integration and Development company RHE & Associates in Asia Pacific. Establishing RHE’s operations in Perth, Melbourne, Sydney, Auckland and Wellington, before returning back to the UK in 2005 taking up a role as Alliances Director, EMEA for Symantec.
Malcolm is a member of the Australian Business Chamber of Commerce and the Institute of Directors and is married with two children and enjoys classic car restoration, travelling and golf.