Colleges Move Security to the Cloud
Michael Brock, technology director at Valley Forge Military Academy & College in Wayne, Pa., must find creative ways to manage IT.
Brock has only a network manager to help him oversee systems for roughly 500 students and another 150 faculty and administrators. When physically updating antivirus software for every machine became too cumbersome and time-consuming, Brock signed on for Panda Security’s Panda Cloud Office Protection.
“With the cloud solution, we can get everyone up and running quickly and take care of maintenance and uninstalls remotely,” Brock says. “The only caveat is that the full upgrade may require one or more reboots.” To avoid hindering productivity, the IT department gives users the option to reboot at a later time that’s more convenient.
Phil Hochmuth, an analyst for IDC, says organizations such as Valley Forge Military Academy & College realize cost advantages from running a cloud security service across hundreds or thousands of machines.
“There’s no physical patching or maintaining, and all the security gets managed centrally,” Hochmuth says. “In many ways, there’s more of an assurance that the staff are actually using the security features. As organizations move to the bring-your-own-device model, these types of cloud-based security products make an unmanageable situation manageable.”
The percentage of organizations surveyed that are at least discussing cloud services
SOURCE: “Avoiding the Hidden Costs of the Cloud: Global Results” (Symantec, 2013)
Fast and Up to Date
Valley Forge previously used Panda’s on-premises software, but went live with the company’s software-as-a-service offering last summer. “I found that the packaged antivirus software tended to degrade performance,” Brock says.
What’s more, a cloud model offers more current protection. “With all the spam and viruses out there, what we really like about Panda is that they update their virus definitions daily. Most companies update weekly,” Brock says.
Outside Assistance
Like most large institutions, Clemson University manages security in-house, though some of the services built into the university’s Trend Micro antivirus software run over the cloud.
Dr. Kevin McKenzie, chief information security officer at Clemson, relies on Trend Micro’s Web Reputation Services as part of the South Carolina university’s antivirus solution. According to McKenzie, Trend Micro maintains a ratings database of URLs that are known to have malware or malicious code. If a user attempts to visit one of those known malicious sites, an agent built into the antivirus software blocks the site.
“Basically the agent keeps the user from visiting the corrupted web page,” McKenzie explains. “In addition to utilizing the URL ratings database maintained by Trend Micro, the service also lets us set up customized whitelists and blacklists.”
McKenzie says legitimate sites tend to be fine, but he often sees pop-up ads or other executable portions of a web page loaded with malicious content or malware.
“The days of what I call ‘true’ viruses are over,” McKenzie says. “The bad guys have gotten much sneakier, and drive-by downloads for malicious code distribution are on the rise.”
Getting SaaS-y
IDC Analyst Phil Hochmuth identifies four trends that are driving security software asaservice (SaaS) deployments.
- Mobility and the consumerization of IT: As more people bring devices to the workplace, IT departments tend to lose control. By giving IT pros the ability to centrally manage security, SaaS offerings will help them protect mobile data more effectively.
- The growing importance of identity and access management: The more organizations depend on mobility and remote access, the more IT departments will find identity and access management services critical for maintaining data security and control.
- The emergence of hybrid security models: While most large organizations manage most of their security in-house, IT shops will increasingly turn to cloud-based services such as Trend Micro’s Web Reputation Services, which maintains a list of infected websites in the cloud and blocks users from accessing them.
- Cost-saving pressures: Organizations seek to offset the overhead of managing basic security services such as antivirus and antimalware by sending them to the cloud. SaaS technologies will continue to offer lower deployment and operational costs than on-premises solutions.
