Cloud computing is a seemingly unstoppable force, with its popularity increasing steadily across the world as its applications become more apparent. However, while many consumers can see the advantage of cloud storage, there are still many reservations about cloud service provision, with security a particular area of concern. DT editor James Barton spoke to Blue Coat’s Nigel Hawthorn about the reliability of a cloud security solution, and whether the introduction of such services is currently an option for emerging markets.
DT: Cloud services are gaining traction in many markets, but cloud security solutions in particular are reliant on a reliable internet connection. With regard to connection strength and availability, is cloud security viable in emerging markets?
NH: We’ve had interest from managed service providers around the world looking to provide a cloud-based managed security service. For this to work there need to be good, fast connections to the cloud and points of presence, and they need to be highly reliable. We have multiple points of presence around the world and load balancing across them – if one of them were to fail, it would make the request to the next one. We’re suggesting to managed service providers that they might want one of these points in their network – in their country, under their control, in their existing exchanges, so they know all the connections to it – and it will load balance with all the others around the world. The provider then has the point in their network, so can deliver security responses very quickly.
In my opinion, emerging markets are a perfect place for cloud services rather than appliances for a number of reasons. The complexity of shipping devices around the world – import duties and shipping costs, for example – are virtually ignored in the West, because there tends to be good infrastructure, and it’s easy to transport goods and obtain replacements if anything fails. However, the further away you are from these places, the more difficult it is to deal with appliances.
If a service is cloud-based, it can be sold on to the user at a lower cost. The service behind our standard appliance security has been driven by the cloud for over five years. We never sold the service on its own until earlier this year but we now have URL filtering and categorisation, as well as anti-malware services - this allows us to provide an appliance-free, cloud-only security service. This necessitated a graphical user interface which allows managers to access the service and set up policies; we set this up in a way which allows it to be white labelled, so service providers can use it to offer their own services to their customers.
I don’t think it will be too long before a huge portion of the world is having its web security delivered from a cloud service rather than today’s more traditional way of having an appliance on the premises.
DT: A reliable internet connection is obviously essential for a cloud-based security service. However, even in more developed markets, connections can go down inexplicably. You’ve explained that a global network of points of presence provides a solution – is it failsafe, or could this be improved upon?
NH: A cloud security service needs to be as failsafe as possible; our current stated delivery is 99.999% uptime. Achieving this includes placing the security points in as many cities, countries and on as many different service provider networks as possible, running global load balancing between them and ensuring a fast failover between points if communication problems occur. With a global network of points of presence, the security service can deliver the web page evaluation and categorisation regardless of which service point users are connected to, whereas with SaaS (software-as-a-service) solutions, 100% uptime is needed to guarantee full access to data in the cloud.
DT: Can unreliable internet connections compromise cloud-based security, as this obviously could be an issue in emerging markets?
NH: One way of looking at this is that if the unreliable connection is the final one to the end user, they can’t get to the threats on the Internet anyway, so not having access to the security cloud service is a moot point.
DT: What should operators in emerging markets be doing to get ready for this – how can they avoid installing unneeded infrastructure if everything is heading towards the cloud?
NH: Operators and service providers need to investigate putting together a service in their country – they can start small, without investing anything. They just need to purchase a service, add on their margin and start promoting it. If they’d prefer more control, they can increase the number of points of presence in their networks.
Response times are faster if the decisions are made closer to the user. Operators don’t have to send information out of their network - which keeps the cost down - and it gives them an advantage over competitors who might be providing a service that isn’t on the network, as well as providing reliability with another point of presence in the network infrastructure.
In the same way that many countries – particularly in emerging markets – have leapfrogged fixed-line in favour of mobile, this is a way of leapfrogging the last decade’s appliance-based security to arrive at a cloud-based service.