Enterprises should be more prepared to look to on-demand software to cope with the rising tide of malware, said a leading security specialist.
Peter Watkins, CEO of security firm Webroot Software, said that software as a service had now come of age and could offer better protection against internet-borne malware than software packages. Speaking at a conference organised by our sister title, Network World, he said that the growing amount of spam - up by 400 percent from September 2006 to September 2007 - and new kinds of attacks, such as the malware being written for gaming worlds like Second Life, were leaving businesses vulnerable.
He added that malware writers are smarter than ever, not looking for the cheap thrill of a horrific new virus but wanting infected PCs under their control, never to be discovered.
According to Gartner, as many as 75 percent of enterprises will be the victims of targeted stealth attacks with financial motivation - spyware or bots, for instance - and will remain "blissfully unaware" that their networks have been compromised.
With all of this in mind, Watkins said it is becoming increasingly clear to security vendors such as his own firm that software-as-a-service is a superior method for delivering some forms of security compared with in-house software or appliances. Webroot itself recently branched out to offer secure e-mail via SaaS.
Watkins said that while SaaS wasn't feasible a few years ago, recent advances have made the technology more robust, reliable and affordable today. As such, it is increasingly attractive to small businesses, which can use it to get enterprise-class products at a consumer-per-seat price.
New services with better performance than in-house software will soon have enterprises warming to the technology, too, Watkins believes. At a recent SaaS conference, Watkins says he was impressed by the progress other security vendors have made in this arena, who are even able to deliver such functions as single sign-on via SaaS.
Watkins believes some services are better suited to SaaS than others. Secure email (which Webroot offers) and web/URL filtering (which Webroot does not yet offer) are two examples. When email is delivered via SaaS it can be scanned by a wider variety of back-end processes and run through multiple vendor anti-malware solutions before being delivered, clean, to the inbox. In comparison, most enterprises could not afford to commit so many resources to e-mail. Because most spam would never make it to the enterprise, it never has to be managed by a company's internal resources.
Web filtering or URL filtering is also an ideal SaaS service, Watkins said. When a user requests a web page, the web page would be scanned by the service provider in the cloud and delivered to the user only if it is clean.
As for the issue of trusting a security vendor with valuable corporate assets, Watkins points out that corporations will have a contractual relationship with SaaS vendors to protect data. Furthermore, SaaS security vendors such as Webroot must deploy, and be audited on, high security standards. Any vendor that operates in Europe, such as Webroot, must also meet more stringent encryption requirements specified by the EU, he said.