In this post, I’ll focus on Infrastructure providers (IaaS), though these points may be relevant to platform and software providers as well.
Infrastructure providers tend to be very good at providing security inside the infrastructure. However, not all providers go beyond infrastructure security. Instead, the model is one of shared security, where responsibility for security beyond the infrastructure is in the hands of end customers.
In the simplest example, the provider sets up a virtual instance running, say, Windows, but everything that runs within that instance, including the operating system and applications, is the responsibility of the end customer. On the IaaS side, this is completely reasonable in theory, but it has potentially damaging results if the end customer isn’t taking further steps to protect the OS or the apps.
Best interests and the role of security
Of course, part of providing secure infrastructure is making sure that systems provisioned to customers aren’t impacting other customers. Monitoring, isolation, and other techniques are used to prevent an infected system from attacking other systems, saturating the network with traffic (outbound spam, for example), and so on. This is all in the best interest of the provider, since not doing so would negatively affect customer experience.
But is it enough for the customer?
Even if the most diligent customer recognizes and acts upon their role in securing the OS or apps in the instances they’ve ‘rented’, traditional security models and licensing often run counter to the flexible and agile environment that IaaS provides. Without knowing about or having access to security that is in lockstep with the IaaS model, customers have limited choices for security.
Let’s face it, traditional security and subsequent licensing are fraught with many shortcomings in the IaaS environment – not too many security models offload scanning from endpoints to virtual appliances or have licensing that lets customers spin up and spin down security in parallel with instances.
What I see is a great opportunity for service providers to differentiate their services by providing endpoint security, specifically antimalware, as part of their offering.
If offered using the right solution, the following advantages for end-customers and providers can be realized:
Customers won’t have to go through bring-your-own-license for systems that they may use for only hours or days at a time – per instance, per hour
The provider won’t see resource consumption spikes when customers with large numbers of instances perform full-system scans, updates, or upgrades of traditional antivirus
The provider can incrementally increase revenue per-instance
Notice that this list of advantages touches both the provider experience and the end user. In other words, better security, and extending better security to the endpoint instances themselves, is better for everyone. The most important aspect for the provider is to use the right solution. If the provider does not offload scanning to a virtual appliance that centralizes and deduplicates antimalware functions, it risks adding undue strain on its own environment.
Even better, if the same solution can also manage traditional endpoints (laptops, desktops, physical servers) and mobile devices, and be extended back into a customer’s virtualized datacenter, a provider can start to see revenue from outside the walls of their infrastructure.
For information about deploying a virtualization-centric antimalware solution in a typical provider infrastructure, download: