Conventional wisdom has long held that some workloads are better suited for use in the public cloud than others. Databases and other managed services, for example, tend to work well in public cloud environments, while legacy applications such as file servers can be problematic. Recent improvements to some of the cost and latency issues associated with cloud-based file servers have resulted in an increase in the number of organizations leveraging cloud file storage--which has also necessitated a change in the way they address anti-malware solutions.
It has always been important for organizations to protect their file servers with some sort of anti-malware solution, and the need for protection against malware does not go away simply because an organization is using cloud file storage. Even so, there is no guarantee that an anti-malware tool that was designed for on-premises use is going to be effective in a cloud environment.
Imagine that an organization has implemented a cloud-based file server and is using Microsoft Azure File Sync (or something similar) as a tiered storage solution. This would allow recently accessed data to be cached on premises, decreasing latency when users access file data. Let’s also assume that this imaginary organization continues to use anti-malware software to protect its file data, just as it did when the data was located on premises.
The issue that the organization might run into in this particular situation is that scheduled scans of file data could cause file data to be cached. After all, the synchronization server is specifically designed to cache hot data.
On the surface, caching that is triggered by anti-malware software might not seem like a big deal. However, it can cause a couple of problems when it comes to cloud file storage.
The first of these problems is that the caching process can introduce performance problems. Hot data that users have been working with could potentially be purged from the cache to make room for the data that the anti-malware software is accessing.
The bigger problem if anti-malware ends up caching data in this way is that it could lead to significant data egress charges. Data egress charges are fees that most cloud providers charge any time data leaves the cloud. These fees can be substantial for large data sets.
Organizations must consider how they can continue to provide malware protection for data stored on cloud-based file servers, without introducing performance problems or excessive data egress fees in the process.
The first thing that should be done is to make sure that whatever software is being used for file synchronization--whether it’s Azure File Sync or something else--is kept up-to-date. Cloud providers are beginning to realize that malware scanning can cause problems and are slowly updating their data synchronization solutions to help counteract those problems.
The second thing that organization should do is to make sure that the anti-malware software that they are using recognizes the FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS attribute. Anti-malware software that recognizes this attribute may be able to avoid downloading files that have this attribute set, avoiding problems related to performance and data egress fees in the process.
Incidentally, Microsoft’s own Windows Defender and System Center Endpoint Protection are both designed to work with this attribute. Microsoft also provides a test suite that can help to assess whether an anti-malware application is likely to experience problems with Azure File Sync.