Network World recently reviewed some research by Forrester that outlined five rising and five declining security technologies. There was one clear trend in every technology mentioned: everything is moving toward the cloud.
With security, it may not be obvious why security can be much more efficient in the cloud, but a lot of it has to do with what you can see from a bird’s eye view. Spam filters are a good example. Non-cloud filter paradigms examine each email in isolation, trying to determine if each is legitimate. In the cloud, a mail filter can look at all of the email that is being sent through its services, easily identifying the number one characteristic of spam: if it was concurrently sent to thousands and thousands of people.
The Forrester research was focused primarily on firewalls, but it should be no surprise that both firewalls and intrusion detection services (IDS) are moving deeper into the cloud. A security patch can be pushed to the edges of the cloud all at once, an IDS edge can share trends with other IDS edges and more-quickly identify security threats, and Next-Generation Firewalls (NGFW) can examine packets at the application layer. These are all things that lend themselves to being done in the cloud.
While I haven’t mentioned NGFW’s in this blog before, the defining characteristic of such devices is the ability to identify and control traffic at the application layer. This capability will allow enterprises to deploy security policies that, for example, will allow end users to see Facebook, but never allow them to post to it. I am not sure how valuable that specific filter is, but it emphasizes the point that the application filtering capabilities of a NGFW actually allows an enterprise to control how a web site or application is used without having to block access altogether.
Overall, more and more security services are moving toward the cloud as the economics and visibility strongly favor a network-centric approach. That’s not to say that such an approach doesn’t create new risks in and of itself, but I believe that the benefits outweigh the costs in the long run.