Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, February 15, 2006

‘Security in the cloud’ is not the way to go

One of the basic philosophies of security is defense in-depth: overlapping systems designed to provide security even if one of them fails.  An example is a firewall coupled with an intrusion-detection system (IDS).  Defense in-depth provides security because there’s no single point of failure and no assumed single vector for attacks.  If we could build a new Internet today from scratch, we would embed a lot of security functionality in the cloud.  [For email ]They do a great job of filtering out spam and viruses, but it would be folly to consider them a substitute for anti-virus security on the desktop. 

Smart organizations build defense in-depth: e-mail filtering inside the cloud plus anti-virus on the desktop.  Real-time monitoring and response is what’s most important; where the equipment goes is secondary.

It is for this reason that a choice between implementing network security in the middle of the network—in the cloud—or at the endpoints is a false dichotomy.  An organization had no choice but to put its firewalls, IDSs and anti-virus software inside its own network.  Security would be vastly improved if the major carriers implemented cloud-based solutions, but they’re no substitute for traditional firewalls, IDSs and IPSs.;1786107200;fp;16;fpid;0

Posted on 02/15