Cyber Security Institute
Wednesday, February 15, 2006
‘Security in the cloud’ is not the way to go
One of the basic philosophies of security is defense in-depth: overlapping systems designed to provide security even if one of them fails. An example is a firewall coupled with an intrusion-detection system (IDS). Defense in-depth provides security because there’s no single point of failure and no assumed single vector for attacks. If we could build a new Internet today from scratch, we would embed a lot of security functionality in the cloud. [For email ]They do a great job of filtering out spam and viruses, but it would be folly to consider them a substitute for anti-virus security on the desktop.
Smart organizations build defense in-depth: e-mail filtering inside the cloud plus anti-virus on the desktop. Real-time monitoring and response is what’s most important; where the equipment goes is secondary.