Securing the enterprise beyond the perimeter

Trying to secure laptops, cell phones, PDAs, and other mobile devices today is "terrifying," says Christopher Paidhrin, IT security and HIPAA compliance officer at Southwest Washington Medical Center. "End-point security is scarily immature."

No doubt these are menacing times. Cloud computing continues to push data and apps online and beyond traditional network security perimeters. Business users demand access to data using newfangled mobile devices over 3G wireless networks. Every day, creative hackers invent ways to steal data to sell on the black market -- and Internet security lags behind the curve.

Catching up won't be easy, yet the answer might be found in the cloud itself. Security pros know they need to extend perimeter security controls to end-point devices before it's too late. One way is to put security agents on laptops, which is an expensive proposition fraught with risk. Another option is to leverage an emerging class of Web-based security service providers, such as startups Purewire and Zscaler.

Cloud-based security service providers take shape

Here's how it works: Remote users wanting to access data stored in the cloud would first have to go through a security service provider. Already, cloud-based security services for malware and spam detection account for 20 percent of the market revenue, say Gartner researchers, and this figure will jump to 60 percent in five years. Other security services are quickly moving to the cloud, too, such as vulnerability scanning, denial-of-service protection, and (down the road) authentication and data leakage services.

Cloud-based security has many advantages over security agents on laptops. For starters, savvy end-users can disable end-point-installed agents, whereas the cloud provider has complete control over the agents it hosts. Security agents installed on individual devices are also costly and difficult to manage. A major company with top-notch traditional security controls recently discovered this unpleasant fact: It analyzed its 80,000 personal computers and found that 3,000 of them -- almost all mobile laptops -- had botnet clients, says John Pescatore, a Gartner analyst.

End-point security agents are simply on the wrong side of technology trends. "Look at the iPhone," Pescatore says. "No way you can have your own security software on the iPhone because it doesn't even exist. You can't provide any security on the iPhone other than doing it in the cloud."

To be fair, cloud-based security providers face challenges, too, most notably in pricing. A provider must secure data transfers going to and from the remote user, which puts a strain on bandwidth, increases costs, and cuts into margins. Given that infrastructure burden, odds are cloud-based security services will become part of a larger cloud service.

This means ISPs, large companies with cloud-based infrastructures such as Google and Akamai, and wireless carriers riding the promise of 3G or 4G cards in every laptop will likely take on this security-provider role. "In five years, we think the share of security services that are delivered in the cloud will triple," Pescatore says.