Run a quick Google search for "Internet security protection" and you'll come across plenty of antivirus software solutions claiming to protect your company's devices against the multitude of nasty infections out there on the Web. Historically, antivirus software has been the foremost choice of protection for CIOs against these threats.
These days, as companies and consumers increasingly conduct their business in the cloud, securing virtual identities, browsing activity, and personal data arguably has become more important than securing physical devices. Now that we've added mobile to the mix--especially in the case of Apple's iPhone, a device that's fairly secure by default--the need to protect the device has been overshadowed by the increasing need to secure our online interactions.
So, should you still include antivirus software in your IT budget?
How the Cloud Is Changing Security
Until recently, I've been a big believer in the idea of securing both your device and your browsing activities. The general consensus amongst CIOs was to protect their teams with both an antivirus to secure their computers and mobile devices and a personal VPN to protect employees against online threats. However, I had coffee a couple weeks back with Monish Bhatia, a security expert over at MacNN who's been writing about these issues for years; he posed an interesting question that made me think twice about the need for antivirus: "Do we really need antivirus if we're using a personal VPN and thus securing all browsing, passwords, websites visited and our personal privacy in the cloud?"
To understand the answer to this question, we have to think about how viruses infect our devices. In the old days it was through installing floppy disks or thumb drives. Now that those are long gone, most viruses infect your device through the Web or via email exchanges. But if both the Web and your email are protected by cloud security, it's highly unlikely that viruses will ever make it as far as your device. If this is the case, will the need for antivirus software be less important in the future?
Think Beyond the Device
As more and more businesses and consumers entrust reams of precious, and highly confidential, data to the cloud, direct threats to devices become less relevant than the threat of compromising our identities or personal data--via Google docs, Dropbox files, passwords, search activities, or sites visited--online. Every week, stories of massive hacks, stolen data, and compromised security pepper the headlines. From Google and LinkedIn to Lockheed Martin and Citibank, giants in the tech, banking, and defense sectors--just to name a few--have been hacked in recent months. But it's not usually their devices that come under direct attack; it's a weakness in their security systems that make them vulnerable to hackers. (Identity theft affected 10 millions Americans last year, and your identity is a lot more likely to be stolen online than anywhere else.)
Enter cloud security players that protect the Web, rather than the device, and the role of antivirus companies is greatly diminished. When my company launched Hotspot Shield, an app that encrypts all pages visited and enables users to stay completely private when browsing the Web, we weren't sure how big the demand for secure browsing and identity protection online would be. But with the move to the cloud, we've experienced firsthand the need to secure not only the device, but all online interactions and browsing.
I'm certainly not encouraging businesses to scrap their antivirus protection, but it's essential that companies pay more attention to securing their online activities. By doing so, you'll eliminate many of the threats that antivirus companies try to solve, before these threats ever make it near your devices. Just the way a good highway patrolman secures the highways to protect the cities, properly securing your business in the cloud will keep your data and, in turn, your devices out of hackers' reach, before it's too late.