Web Security Goes Online - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud // Software as a Service
10:30 AM
Randy George
Randy George
Connect Directly

Web Security Goes Online

A growing number of providers offer Web security in the cloud

The Internet is the attack vector of choice for malware developers and data thieves of all stripes because the HTTP protocol constitutes a big, gaping hole in your defenses. While some users bring grief on themselves by browsing inappropriate and risky pages, criminals target legitimate sites to distribute malware through corrupted banner ads, Web redirects, and other nefarious techniques.

You can't close the hole because end users rely on the Web for business tools. What you can do, however, is purchase border enforcement to cover your assets. These Web-security-as-a-service suites, like the on-premises software and appliances sold by competitors, provide a slate of capabilities, including Web filters to block users from surfing inappropriate or compromised sites; malware filters to pluck viruses, Trojans, and spyware from inbound content; and data loss prevention tools to stop sensitive information from leaking out of the organization.

But is outsourcing Web security to the Web a smart career move?

InformationWeek Reports

The service model has three advantages over traditional on-premises products: lower capital costs, faster deployment of the application, and a reduced management burden on in-house IT staff. Service-based Web security can also help protect remote users when they're off the corporate network. And you've got a range of choices in providers, from upstarts like Purewire, ScanSafe, and Zscaler to established vendors such as Kaspersky, McAfee, Symantec, and Websense.

Sounds good in theory, but latency could derail adoption.

Caught In The Slow Lane?

The theory behind doing Web security in the cloud is relatively simple: Redirect all of your outbound internet traffic to a Web security infrastructure hosted by your vendor of choice. Pick the security services to which you want to subscribe. Develop and enable your policy through a Web management interface. Last, point your client browsers to the vendor's Web security gateway, and you're done.

As is usually the case, however, theory and reality differ. With an on-premises Web security system, users traverse your Internet router and are protected within the LAN environment at wire speed, reducing the potential for latency. With off-site, provider-based Web security, you're adding an additional hop to a proxy over the Internet itself, and that introduces the possibility of slowdowns. The question is, how much latency is too much? End users won't get much sympathy from IT if they complain that Hulu is jittery at work, but line-of-business managers will kick down your door if Salesforce or online meeting apps start to wobble.

As security threats proliferate and budgets stagnate, many enterprises are considering third-party security services. Our exclusive report outlines enterprise options to help you make the right decision.

"The concern about additional latency is one of the first questions we are asked by every potential customer," says Paul Judge, co-founder and CTO of Purewire. As you'd expect, Judge says the latency from his service is imperceptible.

Luckily for IT, it's simple enough to put vendor claims to the test. Most let potential customers create an evaluation account to put the service through its paces. If a potential partner balks at this, walk away.

Overall user experience depends on a host of variables, such as whether a cached copy of the content requested is available either locally or from another source. It's important that network engineers understand a few factors when choosing a provider. Primary among them is a firm grasp of your users' Web behavior, where the provider's proxy servers are physically located, and whether the provider can also supply a caching appliance to minimize latency.

Before signing on, be confident that the provider will be able to scale its infrastructure as it adds customers. And as with any service, you'll need to get details on the provider's service-level agreements.

Web Security Services' Benefits And Drawbacks
5 Benefits
  • Low capital cost to deploy
  • Reduces management burden on infrastructure staff
  • Can consolidate massive logs on provider's storage
  • Value-adds like data loss prevention often included in the base package
  • Protects remote users from advanced Web-based security threats

5 Drawbacks
  • Additional network latency added
  • TCO may not greatly favor provider
  • IT must distribute config changes to every client using the service
  • May shift support calls from infrastructure team to help desk
  • Variables related to captive portals and firewalls at hotels may affect service

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll