Cloud Gazing for 2009

by Matthew Young    Mar 09, 2009

Matthew Young, VP (sales) Blue Coat Asia-Pacific, tells us what 2009 holds in store for the Internet, on-demand applications, and radical concepts like cloud computing and Web 2.0.

* The weak economy
will result in a new wave of malware and phishing attacks

 

The recession that impacted the world economy in 2008 and
continues into 2009 will create a number of opportunities for cybercriminals.
Because recipients of spam that contain links to infected and malicious Web
sites will be more receptive to certain kinds of spam job sites, mortgage
offers, bailout news and the like expect an increase in campaigns focused on
economy-related messages.

 

* There will be
continued pressure on organizations to adopt Web 2.0 technologies, particularly
in a soft economy

 

Web 2.0 applications can provide IT departments with the
ability to deploy new functionality at a low cost per user and with minimal
up-front investment, and it allows them to maintain these tools at lower and
more predictable costs. This is driving increasing use of hosted applications
for email, CRM and a variety of Web-based applications. Expect 2009 to see a
significant increase in demand for hosted services of various types.

 

 

* The Web will
continue to supplant email as the primary threat vector for Malware

 

Sophos has found that emails with infected attachments are
much less of a threat today than they were just a few years ago — in 2005, for
example, one in 44 emails contained an infected attachment, whereas in 2008
that figure had fallen to 1 in 714. However, spam a growing proportion of which
contains links to malicious or otherwise dangerous Web sites continues to grow.
At the same time, Web-based threats are on the increase and are a more serious
threat than email-oriented malware in many organizations. Expect that trend to
continue during 2009.

 

* Web clients will
increasingly need to be connected to a cloud service

 

The most effective protection for Web clients will come from
cloud-based services in which a community of users is actively working to
protect the entire community from malware. Standalone tools to protect
individual Web users will maintain some efficacy, but this will dwindle over
time as newer threats simply become too numerous and too sophisticated for
standalone clients to manage effectively.

 

* Web clients will
need additional layers of defense one against the Web does not work

 

Community-oriented, cloud-based defenses will need to be a
key part of an entire defensive infrastructure. Further, Web developers will
need to become more focused on protecting their Web sites and Web applications
from SQL injection attacks, IFRAME attacks and other threats, becoming more
active participants in the defense process. They will need to focus on
designing their applications to be used in a multi-layered infrastructure
designed to detect and thwart Web-oriented attacks at every point in the network.

 

* Good desktop
anti-malware defenses will continue to be more important than ever

 

While client-side anti-malware tools are becoming less
useful over time as cybercriminals design their content to thwart these
defenses, client-side tools have not been rendered useless. They are
particularly important for home-based workers who might introduce malware into
corporate networks Osterman Research has found that more than 70% of
employees who use email at work check their work-related email from home. For
many companies, employees home computers are the weak link in the corporate
defense infrastructure

 

* Encryption on
mobile devices will become more important

 

Mobile devices continue to account for a growing share of
individuals access to email, websites and Web-based applications, including a
growing proportion of the sensitive data they receive and generate. As a
result, mobile devices represent an increasingly serious threat for
organizations of all sizes. This will require additional protection, including
encryption, so that sensitive data cannot be accessed, sold or otherwise used
in inappropriate ways. DLP will be a critical technology given the security
risks introduced by mobile devices, mobile DLP will be even more important.

 

* Backups for laptops
and mobile devices will become increasingly important

 

Mobile devices, ranging from laptops to iPhones, contain a
growing proportion of users and organizations critical business records. As a
result, this content must be backed up and archived so that it is protected
against deletion, made available for other users, and preserved for regulatory
and legal compliance issues. A failure to adequately protect this data can put
organizations at risk of non-compliance and puts the long-term availability of
critical content at risk.

 

* Organizations of
all sizes should use centralized policy management

 

Centralized policy management will be increasingly important
to help organizations manage the growing number of policies they are required
to satisfy. These policies can range from protection of consumer information as
dictated by state, provincial, Federal and international laws; to long term
preservation of content to satisfy regulatory obligations like SEC laws or
Sarbanes-Oxley; to legal requirements to preserve information that might be
needed for litigation; to corporate policies to protect information for
knowledge management purposes.

 

* Acceleration based
on Common Internet File System (CIFS) acceleration will increasingly become a
best practice

 

CIFS acceleration used in a remote client provides faster
file backups and improved access to internal files. The use of remote clients that
can enable or disable acceleration based on the location of the client will
become a best practice, particularly when integrated with a Web filtering
capability.