Published on October 28th, 2013 | by EditorOne0
Is Security-as-a-Service Right for Your Organization?
If cloud computing has done nothing else, it has created an endless list of acronyms ending in “-aaS.” Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) are just a few examples. Now, although it falls under the purview of SaaS, Security-as-a-Service (SECaaS) has added another acronym to the alphabet stew.
Some experts regard SECaaS as inevitable. After all, network security tools via a subscription or pay-as-you-go model looks appealing when a hardware-based solution requires a major upfront investment. For many reasons, cloud-based security is catching on at a phenomenal rate. Gartner predicts that the SECaaS market will grow to $4.2 billion by 2016.
How SECaaS Works
Instead of using a software-hardware combo for security, SECaaS subscribers utilize security tools in the cloud environment. Whether they have an on-premises cloud, a hosted provider or an elastic cloud infrastructure like Amazon Web Services (AWS), organizations pay based on how much they use the service.
Cloud security can be complicated. Organizations want to move into the cloud to run more applications, store more data and leverage stored data without throwing a lot of money into their infrastructure. Even though the number of physical appliances goes down, the number of security appliances can increase, resulting in higher overhead. Using SECaaS means fast deployment and fewer IT personnel dedicated to dealing with security. Small organizations get the network security of a big enterprise without hiring dedicated security staff, for example Trend Micro provides a solution for this.
Moving security into the cloud comes with six primary benefits:
- Flexible licensing. Instead of purchasing annual licenses for security software, your organization purchases a subscription. The licenses rotate easily from computer to computer, and you’re guaranteed to have the latest versions of both software and security signatures. Also, the prices are based on usage so that you don’t pay licensing fees for software that you rarely use.
- Lower costs. You could set aside payroll for a team of security professionals, or you could outsource your security to a company operated by qualified security experts. In addition to saving payroll, you gain access to the latest security technology at a reduced cost.
- Less downtime. When you work with a SECaaS provider, that provider doesn’t just know about the security threats facing your company. The provider also knows about threats that other clients have faced so that its security experts can anticipate potential problems. Also, since your service-level agreement (SLA) will have provisions about downtime, you’re guaranteed improved availability and fewer expenses associated with security breaches.
- Security specialists. With SECaaS, you’re not just purchasing a security appliance. You get not only security solutions but also managed services to go along with it. Instead of relying on IT to audit logs and perform constant monitoring activities, you can depend on the team of security specialists that provide support for your SECaaS solution.
- Full-spectrum scalability. As your employees use their mobile devices in the workplace, your security solution has to do more than just protect your overall network. It has to provide security for all of your endpoints while at the same time scaling up for times of high network demand. SECaaS keeps your network security agile in a way that hardware-software combos can’t.
- Additional goodies. Your SECaaS provider may offer additional services including network management, security auditing and compliance services for HIPAA, PCI and other major regulations. In fact, choosing SECaaS could be the first step toward outsourcing even more of your IT services.
Have It Your Way
If you’re concerned about releasing data security to a third party, then consider outsourcing some more generic security functions like e-mail security, Web services security, application security testing and identity/access management. Outsourcing something as simple as e-mail security to McAfee, can also allow you to test the waters before transitioning all of your organization’s security to a cloud-based model.
By 2015, Gartner predicts that 10 percent of all network security products will be hosted in the cloud. As more businesses choose cloud computing, this number will only increase. Before you commit, take a look at some of the advantages and disadvantages of transitioning your security to the cloud. Then, decide whether SECaaS is right for your organization.
Cloud computing image by Laura Dantonio from Flickr.com.