Home
More Commentary
Get news delivered to you
BYTE Categories
Alexander Wolfe

Alexander Wolfe


Commentary

Wolfe's Den Podcast: Trend Micro Takes Security To The Cloud

Comments | Alexander Wolfe, InformationWeek | September 27, 2009 11:13 AM


Welcome to the first in my periodic series of columns focusing on major security vendors. For the launch edition, I sat down with Eva Chen, CEO and co-founder of Trend Micro, to talk about changes roiling the industry. The discussion took place against the backdrop of an arena that's being buffeted by the rising tide of malware. (Click on the play icon right here to access the podcast, or scroll to the bottom to see the full player.)

Chen and I chatted after the panel I hosted at the InformationWeek 500 Conference, "Strategic Security: Maximizing The Business Value Of Your Security Investment." During that session, along with noting user concerns about cloud security, she emphasized how cloud computing is changing the way enterprises approach protecting their resources.

We returned to the cloud theme in the podcast, with Chen mentioning that the top concern repeatedly raised by cloud customers is security. She also pointed out that utilizing cloud resources creates a situation where a user's data, system and network could all be in different places. This, in turn, shifts the security focus squarely to locking down that data. Her advice: "The customer should insist that only they themselves have full access to their data," adding that not even the cloud provider should have such access.

Chan said that users need to go to their cloud provider and make sure their security policies match up. "They should [also] come up with a policy for how they want to secure their own data. For example, a new technology like identity based encryption can be used," she explained. "Customers can encrypt their own data with their identity, and therefore only they themselves can access that data."

Cloud has also been a key enabler for an advance Trend has brought to its own security products. Namely, Trend has moved its library of malware signatures to the cloud. This was done with an eye towards ending the frequent -- and frequently large -- downloads of signature updates common to client-side security programs. Maintaining malware signatures in the cloud allows them to be easily updated and rapidly accessed by end-user security programs.

"Every two seconds, there's a new piece of malware," Chen said. "It's impossible to store all the malware signatures on a tiny netbook. Therefore Trend Micro came up with the smart protection network -- we put all these signatures up in the cloud."

Trend maintains what it calls Threat Reputation Databases, comprised of Web, e-mail, and file threats. These are lengthy lists of phishing pages, spam sources, and dangerous executables. The word "reputation" comes into play because Trend uses a technique called reputation scoring to assess the relative threat, or "reputation" of a suspicious file or Web page. "Therefore customers can have a very lightweight agent on their machine and all these reputation databases in the cloud will provide the most up to date database list of threats," Chen said.

Enterprise Security

The advent of Windows 7 is also changing the landscape somewhat, because of its potent, policy-based security tools. For example, Microsoft's new operating system has features which enforce what apps can be run on individual users' systems and what data they can access.

However, Chen notes that attempts to lock down data, while laudable, won't necessarily be impenetrable when you're talking about enterprises with increasingly large mobile work forces.

As well, increased mobility kills the idea of a tight security perimeter. The upshot, says Chen, is you need to rethink your endpoint: "There's no way you can different between you network and my network. Every endpoint needs to be secure." (This includes USB drives walking data out of the company.)

At the end of the podcast, I asked Chen for a couple of advice takeaways. "Rethink your end-point security, because of all those mobile devices out there, which need to be secure," she said. "Second, secure your Web site. It's outward-facing -- that's where your company's reputation and brand are at risk."

For Further Reading

Trend Micro's TrendLabs Malware Blog;

My NetworkComputing blog: Cybersecurity Challenge: Is Your Network Safe? (Probably Not);

Another NetworkComputing post: Crypto Key Management Is Next Wave In Net Security;

What's your take? Let me know, by leaving a comment below or e-mailing me directly at alex@alexwolfe.net.

Follow me on Twitter: (@awolfe58)

Alexander Wolfe is editor-in-chief of InformationWeek.com.



Related Reading

News

Commentary

Most Popular

On the Web

More Insights

White Papers

More >>

Webcasts

More >>


Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

BYTE encourages readers to engage in spirited, healthy debate, including taking us to task. However, BYTE moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. BYTE further reserves the right to disable the profile of any commenter participating in said activities.

COMMENTS
Tune In to BYTE
Facebook Twitter LinkedIn Newsletter RSS
Whitepapers
whitepaper
CIO Strategies for Consumerization: The Future of Enterprise Mobile Computing
In this paper you will learn the five trends shaping the future of enterprise mobility. Learn how the rise of social media as a business application, the lurring between work and home, the emergence of new mobile devices, the demand for tech savvy employees and changing expectations of corporate IT will fundamentally change the workplace.
whitepaper
Media Tablets in the Enterprise
In a survey of more than 1,700 information workers (iWorkers) in North America, notebooks, desktops, and smartphones were found to be “must-have” devices, while tablets, slates, and netbooks were relegated to “nice-to-have” status, according to a commissioned study conducted by Forrester Consulting on behalf of Dell and Intel.
Sponsored by: Dell
Upcoming Events
  • Smarter Mobile Security: Securing BYOD
  • Smarter Mobile Security: Minding the Gaps
  • Protecting Enterprise Data in the Cloud
  • Safe and Secure Cloud Computing: Is there such a thing?
  • The Evolution of Advanced Persistent Threatss: The Current Risks & Mitigation Strategies


    • More Webcasts>>