You wouldn't leave the house without locking the door, right? The police may not be lauded for their willingness to investigate burglaries these days, but they certainly won't be interested if the door was left open, because that is irresponsible. For many organisations, their websites are valuable pieces of property, but too few organisations are doing enough to protect themselves. The most recent version of the CSI Computer Security and Crime Survey from 2009 found that malware attacks, which had previously been on the wane, are increasing rapidly and are the most common threat faced by organisations, cited by nearly two-thirds of respondents. Many big organisations have made their way into the headlines as the result of such attacks recently: "Hacked US Treasury websites serve visitors malware" and "SQL injection hits sensitive US army servers" are just two recent headlines. But, with attacks increasingly targeted at specific organisations or individuals, even the smallest of firms cannot afford to be complacent.
Yet many organisations are leaving web security to chance. And this is at the same time as organisations are expanding their use of the internet, seeing the value of communicating with employees and customers via social networking and other Web 2.0 sites, which are becoming prime targets for hackers. A recent survey by Breach Security shows that 19% of hacking incidents in 2009 were targeted at such sites and the problem is growing.
For many organisations, especially small ones that lack resources for handling additional tasks and that have limited budgets, the problem is one they would like to solve, but they are unable or unwilling to deploy and manage yet more software and hardware for solving a security issue. For them in particular, the use of an outsourced service operated and managed by experts is a viable alternative to consider. There is no upfront investment required, no ongoing management and upgrades are pushed out automatically to all users simultaneously so that the latest protection is always available.
This paper, Why web security is best served in the cloud, provides an introduction to the use of web security services based in the cloud, describes the essential components to look for in such a service and outlines the benefits organisations will see from outsourcing such requirements. With website attacks and defacements a growing area of concern, even the smallest organisation can make sure that they are secure.