Not a day goes by that we don’t hear of a new data breach or malware attack. That’s why it’s important to be ever vigilant and constantly prepare for what may come next.
For many businesses, large and small, the risk to their organization’s integrity, reputation, compliance and operations are dependent on maintaining the highest degree of security across their increasingly mobile workforce, highly distributed hybrid data center, and their SaaS vendor community.
But there are high costs involved in driving the adoption of SaaS security services, including:
- Monitoring and maintaining security systems effectively
- Managing the sprawl of enterprise security devices
- Attracting, hiring and retaining security professionals
- Staying on top of the rapidly changing threat landscape
IDC predicts worldwide revenues for security-related hardware, software and services will reach $81.7B in 2017 and continue to increase to an estimated $105B in 2020. Forecasts show the fastest growth segments include device vulnerability assessment software, software vulnerability assessment, managed security services, user behavior analytics and UTM hardware.
Security as a Service: A Definition
Security as a service is a business model in which the service provider integrates their cloud-based security services into a corporate infrastructure on a subscription basis. Leveraging economies of scale because they service multiple tenants, the service provider can also provide the security service more cost-effectively than the corporation or small business would be able to do it themselves. However, the security is limited to intellectual or informational property. This results in no financial outlay for on-premises hardware.
Managed security services are usually offered in conjunction with security as a service to provide a holistic security solution. MSS allows for the outsourcing of some of the more highly technical skills and resources, like 24×7 monitoring and management operations, thus saving the customer some of the cost of these resources, as they’ll share them with the other customers. These capabilities can complement the needs of the business customer.
The benefits of this shared security services model include:
- Quick scaling of the service, either up or down, to match the needs of the business
- Consumed as a utility with no capital investment to utilize the service
- Fast and transparent software upgrades and patches
- Cost-effective, highly scaled shared use of skilled resources and expensive capital investments
Classifying Security Solutions
A wide range of SaaS offerings are available for solution providers to meet the individual requirements of their customers. See how the SaaS working group of the Cloud Security Alliance breaks down these categories.
There are three principal delivery models for cloud-based security as a service. The choice is dictated by the role and constraints of the specific offering. In general, they fall into three reference architectures that may be mixed and matched based on the suppliers’ solution, types of assets being protected and the demands of the end-customer.
- Gateways: Generally these solutions are applied to web and network solutions. The principal security function is applied at the gateway as traffic passes through it.
- Hub-and-Spoke, Inline: These solutions operate in a hybrid of a cloud-based and (often) on-premises based asset. These are found in endpoint security offerings.
- Hub-and-Spoke, Management: These are instituted in many vulnerability management and end-user provisioning solutions. Functionality does not operate in the session and is run by administrators. These security services generally use connectors and frequently on-premises network elements to augment the solution.
In the ongoing battle against constantly evolving cyber threats, IT and security management face another threat: lack of skills and resources. Every security product will claim to secure a network, and yet none can guarantee ongoing protection due to the speed at which the landscape is changing. Failure to comply with regulations to protect personal and financial information and personal data will certainly erode public trust and may lead to fines. Building a robust security practice in-house is increasingly expensive at the same time CIOs are facing increased scrutiny and lower budgets.
Service providers and solution providers that re-sell security as a service solutions are perfectly positioned to take advantage of this confluence of events. Security as a service can lessen the burden on under-resourced, under-prepared security/IT teams at organizations both big and small. SaaS can also provide a more cost-effective and efficient way to provide protection and compliance to on-premises, hybrid and pure cloud models.
The times we live in are getting more dangerous, and the role of the information security leader must continue to evolve to meet these threats. Are you ready?
To find out more on security as a service offerings and the Arrow cloud offerings, platforms and enablement programs, contact Arrow at ECSCloudServices@arrow.com or call 877.558.6677.