The stormy debate on cloud computing security

By Patrick Walsh, eSoft

The debate over cloud computing tends to center on one fundamental point: Is the cloud an insecure place to store data? But this is the wrong question, because the power and promise of cloud computing can be realized without ever storing data there at all.

While certain applications do rely on the storage of such data as customer records, emails and documents within the cloud, there is an entire class of applications that reap the benefits of cloud computing without any risk to confidential data.

Take Internet security, for example, and web filtering specifically. Anyone using a recent Firefox browser has likely seen the red "attack page" warning before going to a website. This safety mechanism comes to the browser through the power of cloud computing. Google performs some basic security checks when it visits websites and publishes its findings both to Firefox users and alongside search results. Because malicious sites are found before users visit them, end users don't have to test the effectiveness of their desktop anti-virus solutions, and their computers don't even need to scan these sites. Through the use of cloud computing, sites are automatically detected as malicious without the use of any local resources.

This example is just the tip of the iceberg. Desktop and gateway anti-virus products--the core products protecting users from malicious areas of the Internet--are resource-hungry. In a perfect world, there would be no need for anti-virus signatures, only behavior-based profiling of applications.

In the real world, however, running every file that gets downloaded and then monitoring and mining data on everything it does is impractical--the memory and processing requirements are just too high. The same is true of websites; a thorough, automated evaluation of a website is a very slow process. Any vendor offering an appliance or desktop application performing this function would soon learn that end users won't tolerate the required delays and would opt instead to turn off the feature.

The real power of the cloud comes from moving the in-depth scanning techniques into it--with its theoretically limitless computing capabilities--and adding the efficiencies gained by scanning a website or file only once, regardless of the number of users visiting it. Traditional tradeoffs between security and performance can be re-evaluated as virtual supercomputers are applied to security problems and millions of users gain the benefit of a single in-depth scan.

Patrick Walsh is chief technology officer at eSoft in Broomfield, CO.