Securing the enterprise beyond the perimeter

Trying to secure laptops, cell phones, PDAs, and other mobile devices today is "terrifying," says Christopher Paidhrin, IT security and HIPAA compliance officer at Southwest Washington Medical Center. "End-point security is scarily immature."

No doubt these are menacing times. Cloud computing continues to push data and apps online and beyond traditional network security perimeters. Business users demand access to data using newfangled mobile devices over 3G wireless networks. Every day, creative hackers invent ways to steal data to sell on the black market -- and Internet security lags behind the curve.

[ InfoWorld security analyst Roger Grimes offers a solution for fixing the Internet. Subscribe to his Security Report newsletter to get the latest information on security technology and issues. ]

Catching up won't be easy, yet the answer might be found in the cloud itself. Security pros know they need to extend perimeter security controls to end-point devices before it's too late. One way is to put security agents on laptops, which is an expensive proposition fraught with risk. Another option is to leverage an emerging class of Web-based security service providers, such as startups Purewire and Zscaler.

Cloud-based security service providers take shape
Here's how it works: Remote users wanting to access data stored in the cloud would first have to go through a security service provider. Already, cloud-based security services for malware and spam detection account for 20 percent of the market revenue, say Gartner researchers, and this figure will jump to 60 percent in five years. Other security services are quickly moving to the cloud, too, such as vulnerability scanning, denial-of-service protection, and (down the road) authentication and data leakage services.

Cloud-based security has many advantages over security agents on laptops. For starters, savvy end-users can disable end-point-installed agents, whereas the cloud provider has complete control over the agents it hosts. Security agents installed on individual devices are also costly and difficult to manage. A major company with top-notch traditional security controls recently discovered this unpleasant fact: It analyzed its 80,000 personal computers and found that 3,000 of them -- almost all mobile laptops -- had botnet clients, says John Pescatore, a Gartner analyst.

End-point security agents are simply on the wrong side of technology trends. "Look at the iPhone," Pescatore says. "No way you can have your own security software on the iPhone because it doesn't even exist. You can't provide any security on the iPhone other than doing it in the cloud."