Web Security Goes Online - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

CIO Insights & Innovation
Security & Risk Strategy
Team Building & Staffing
IT Strategy
Digital Business
Project Management
Programming Languages
Dr. Dobb's
Enterprise Applications
Operating Systems
Productivity/Collaboration Apps
Network Security
Careers & People
Threat Intelligence
IoT
Attacks & Breaches
Application Security
Cloud Security
Endpoint Security
Mobile Security
Perimeter Security
Risk Management
Operations Security
Analytics
Vulnerabilities & Threats
Security & Risk Strategy
Infrastructure as a Service
Platform as a Service
Software as a Service
Cloud Storage
Data Centers
Mobile Applications
Mobile Devices
Mobile Business
Enterprise Mobility Management
AI/Machine Learning
Big Data Analytics
Hardware/Architectures
Software Platforms
IoT
Networking
Wireless Infrastructure
Data Centers
Cloud Infrastructure
Careers and Certifications
Network Security
Government
Healthcare
Wall Street & Technology
Bank Systems & Technology
Insurance & Technology
Industries
Government
Healthcare
Wall Street & Technology
Bank Systems & Technology
Insurance & Technology
IT Life
Careers
Mobile
Mobile Applications
Mobile Devices
Mobile Business
Enterprise Mobility Management
Software
Enterprise Applications
Operating Systems
Productivity/Collaboration Apps
Cloud // Software as a Service
News
10/8/2009
10:30 AM
Randy George
Randy George
Features
Connect Directly
LinkedIn
RSS
E-Mail
0 comments
Comment Now
50%
50%

Web Security Goes Online

A growing number of providers offer Web security in the cloud

The Internet is the attack vector of choice for malware developers and data thieves of all stripes because the HTTP protocol constitutes a big, gaping hole in your defenses. While some users bring grief on themselves by browsing inappropriate and risky pages, criminals target legitimate sites to distribute malware through corrupted banner ads, Web redirects, and other nefarious techniques.

You can't close the hole because end users rely on the Web for business tools. What you can do, however, is purchase border enforcement to cover your assets. These Web-security-as-a-service suites, like the on-premises software and appliances sold by competitors, provide a slate of capabilities, including Web filters to block users from surfing inappropriate or compromised sites; malware filters to pluck viruses, Trojans, and spyware from inbound content; and data loss prevention tools to stop sensitive information from leaking out of the organization.

But is outsourcing Web security to the Web a smart career move?

InformationWeek Reports

The service model has three advantages over traditional on-premises products: lower capital costs, faster deployment of the application, and a reduced management burden on in-house IT staff. Service-based Web security can also help protect remote users when they're off the corporate network. And you've got a range of choices in providers, from upstarts like Purewire, ScanSafe, and Zscaler to established vendors such as Kaspersky, McAfee, Symantec, and Websense.

Sounds good in theory, but latency could derail adoption.

Caught In The Slow Lane?

The theory behind doing Web security in the cloud is relatively simple: Redirect all of your outbound internet traffic to a Web security infrastructure hosted by your vendor of choice. Pick the security services to which you want to subscribe. Develop and enable your policy through a Web management interface. Last, point your client browsers to the vendor's Web security gateway, and you're done.

As is usually the case, however, theory and reality differ. With an on-premises Web security system, users traverse your Internet router and are protected within the LAN environment at wire speed, reducing the potential for latency. With off-site, provider-based Web security, you're adding an additional hop to a proxy over the Internet itself, and that introduces the possibility of slowdowns. The question is, how much latency is too much? End users won't get much sympathy from IT if they complain that Hulu is jittery at work, but line-of-business managers will kick down your door if Salesforce or online meeting apps start to wobble.

DIG DEEPER
As security threats proliferate and budgets stagnate, many enterprises are considering third-party security services. Our exclusive report outlines enterprise options to help you make the right decision.

"The concern about additional latency is one of the first questions we are asked by every potential customer," says Paul Judge, co-founder and CTO of Purewire. As you'd expect, Judge says the latency from his service is imperceptible.

Luckily for IT, it's simple enough to put vendor claims to the test. Most let potential customers create an evaluation account to put the service through its paces. If a potential partner balks at this, walk away.

Overall user experience depends on a host of variables, such as whether a cached copy of the content requested is available either locally or from another source. It's important that network engineers understand a few factors when choosing a provider. Primary among them is a firm grasp of your users' Web behavior, where the provider's proxy servers are physically located, and whether the provider can also supply a caching appliance to minimize latency.

Before signing on, be confident that the provider will be able to scale its infrastructure as it adds customers. And as with any service, you'll need to get details on the provider's service-level agreements.

Web Security Services' Benefits And Drawbacks
5 Benefits
  • Low capital cost to deploy
  • Reduces management burden on infrastructure staff
  • Can consolidate massive logs on provider's storage
  • Value-adds like data loss prevention often included in the base package
  • Protects remote users from advanced Web-based security threats
5 Drawbacks
  • Additional network latency added
  • TCO may not greatly favor provider
  • IT must distribute config changes to every client using the service
  • May shift support calls from infrastructure team to help desk
  • Variables related to captive portals and firewalls at hotels may affect service

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Webcasts
More Webcasts
White Papers
More White Papers
Reports
More Reports
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Editors' Choice
Commentary
New Storage Trends Promise to Help Enterprises Handle a Data Avalanche
John Edwards, Technology Journalist & Author,  4/1/2021
Slideshows
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
Commentary
How to Submit a Column to InformationWeek
InformationWeek Staff 4/9/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Download This Issue!
Slideshows
Flash Poll