AV in the Cloud: Affectation?

Although identified by Gartner as a top ten IT strategy for 2011, cloud technology has yet to realise its full potential in corporate IT departments – the promise of increased flexibility and scalability provided by the cloud is offset by ongoing concerns about the security of corporate data. So it is ironic that the cloud represents one of the most exciting and promising new channels for the development and use of anti-malware software.

A good fit for IT security

Cloud computing is an effective method for performing a number of IT security tasks associated with protecting users. First of all, cloud computing allows parallel data processing: it is ideal for tasks which can be divided into several parts and processed simultaneously, so that results arrive more quickly. This is crucial for current antivirus products.

In order to analyse a suspicious program, it must be checked against lists of malicious and security software as quickly as possible. If this does not yield results, it must be compared to the signatures of known threats, its code must be scanned for dangerous instructions and its behaviour must be examined in an emulator. All of this research can be performed in parallel. Some processes, for example database searches, can be divided into even smaller parts. Cloud analysis has a great advantage over analysis performed on a local machine: all of the required detection technologies can be used, distributed between several computers, which makes the research both faster and of higher quality. Additionally, cloud data processing is ideal for reducing the load on a local machine.
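The analysis flow described above, sketched as an added example (not code from the article or from any vendor). The list contents, signature names, byte patterns, the known-good list and the verdict thresholds are constructed assumptions, threads stand in for the separate cloud machines, and the emulation stage is left out.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample data (assumptions for illustration, not real indicators).
DENYLIST = {sha256(b"constructed-known-bad")}
ALLOWLIST = {sha256(b"constructed-known-good")}
# Signature database split into shards so each shard can be searched separately.
SIGNATURE_SHARDS = [
    {"Sample.A": b"CONSTRUCTED-SIG-A", "Sample.B": b"CONSTRUCTED-SIG-B"},
    {"Sample.C": b"CONSTRUCTED-SIG-C"},
]
RISKY_IMPORTS = (b"WriteProcessMemory", b"CreateRemoteThread")

def list_lookup(data):
    """Fast path: exact hash match against the known-bad and known-good lists."""
    digest = sha256(data)
    if digest in DENYLIST:
        return "malicious"
    if digest in ALLOWLIST:
        return "clean"
    return None

def search_shard(shard, data):
    """Return the names of signatures in one shard whose pattern occurs in data."""
    return [name for name, pattern in shard.items() if pattern in data]

def heuristic_scan(data):
    """Report which risky API names appear in the sample."""
    return [tok.decode() for tok in RISKY_IMPORTS if tok in data]

def analyse(data, workers=4):
    verdict = list_lookup(data)
    if verdict:  # a list hit settles the verdict without further work
        return {"verdict": verdict, "signatures": [], "heuristics": []}
    # No list hit: fan the remaining checks out and run them concurrently.
    with ThreadPoolExecutor(max_workers=workers) as pool:
        shard_jobs = [pool.submit(search_shard, s, data) for s in SIGNATURE_SHARDS]
        heur_job = pool.submit(heuristic_scan, data)
        signatures = sorted(h for job in shard_jobs for h in job.result())
        heuristics = heur_job.result()
    if signatures:
        verdict = "malicious"
    elif len(heuristics) == len(RISKY_IMPORTS):
        verdict = "suspicious"
    else:
        verdict = "unknown"
    return {"verdict": verdict, "signatures": signatures, "heuristics": heuristics}
```

An "unknown" verdict is the case the article hands to the emulator and to further cloud-side analysis.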

Data processing using cloud services also contributes to the accumulation of extremely valuable information. This feature is also important in combating IT threats. The harvested information is necessary for the immediate neutralisation of all known threats, as well as for the detailed analysis of new malicious programs and the development of antivirus solutions.

There must be a continuous exchange of data between the cloud and the numerous local machines running security products. Local computers provide a continuous stream of information about current threats, which are analysed and neutralised using the cloud’s enhanced computing power. Should a new threat appear on just one local machine, protection can be developed immediately and delivered to the other computers connected to the cloud. The bigger the cloud in terms of the number of local machines connected to it, the higher the security level.

Making the right antivirus decision

Antivirus products should incorporate all of the above-mentioned advantages of cloud computing: rapid, deep, parallel data processing, reduction of load on local computers and constant accumulation of valuable information about IT threats.