For many of the same reasons Software as a Service (Saas) has made major inroads in the salesforce automation/CRM space (think salesforce.com), it’s also become a compelling option in security.

SaaS security is simply a security capability delivered as a service instead of a product. For example, Message Labs offers capabilities such as anti-spam filtering and email encryption as a service. Other SaaS security services, such as ChosenSecurity’s QuickStart certificate service, deliver certificates using a service that can be accessed by any Web browser. The latter is an alternative to setting up a product such as the Microsoft Certificate Authority.

Any business can use SaaS security. Its benefits transcend industries and software applications. For the most part, SaaS can be deployed more quickly and will have lower costs than deploying software products, particularly for smaller deployments. For security solutions, this cost benefit is usually reduced for larger deployments, and may disappear altogether for very large deployments. 

The SaaS approach is generally less flexible than a product approach, so it may be easier to integrate a product into a complex environment than a service. A good deployment strategy would be to start out with the SaaS approach to gain experience with the security capability and then migrate to a product if the service is too limiting or too expensive.

Smaller organizations may choose to outsource all of their security due to lack of expertise or resources. Most large organizations, particularly ones with security expertise, will elect to provide that capability themselves. Since the primary benefits of the SaaS approach are lower cost and speed of implementation, most organizations will use the SaaS approach when they are trying to introduce a new capability or reduce the cost of an existing one.

Selecting a SaaS securities vendor can be a challenging task. The first step is to be clear about what security capabilities you want to deploy. This can range from something you already do in-house, but would like to outsource, to something you would like to try for the first time. The task of sorting through vendors will be a lot simpler if you are clear on what you are trying to accomplish. If you are trying to achieve that clarity, you will be better off hiring a consultant, or doing an internal project first to identify your requirements. Once you have clearly identified a requirement—for example, email security—it is much simpler to identify the relevant vendors. With that accomplished, the choice usually comes down to price, features and the quality of references.

One of the classic strategies in security is the concept of defense in depth. The idea is to have multiple defenses so that if one is defeated there are others to back them up. This is the reason people often use multiple antivirus products, since one will often catch malware that the other will miss. Thus, it makes sense to have desktop protection in addition to network and email protection. 

If you are seeking to establish digital trust between employees, clients and suppliers doing business over the Internet, SaaS solutions offer particular advantages over in-house solutions or traditional managed services. For example, in-house software and traditionally outsourced managed services are expensive and complex to implement. Meanwhile, some SaaS security solutions reduce implementation time by up to 70% vs. in-house product implementations and by 50% vs. traditional managed services. This can translate into implementations that take days, instead of months.

And while the capital costs as well as hardware and software licensing fees involved in some security areas such as anti-virus are fairly trivial, they can be very significant in other areas such as PKI, which is the traditional alternative to on-demand SaaS digital trust offerings. That means that the economic case for SaaS digital trust solutions is even more compelling.

Having been business tested for about 10 years, SaaS solutions have passed early stage doubts about their viability and are proving themselves in nearly every business application area. Security just happens to be one of the more compelling ones because of the specialized resources required to manage an in house security solution.

Comments:

“A good deployment strategy would be to start out with the SaaS approach to gain experience with the security capability and then migrate to a product if the service is too limiting or too expensive.”

- I totally agree with this. Business will often outsource because they know nothing about a particular field. Contracting an outside provider should also be a learning experience for the business.

“The task of sorting through vendors will be a lot simpler if you are clear on what you are trying to accomplish.”

- most outsourcing relationships go wrong because of a lack of understanding and clarity of objective in the part of the company. I think marketing outsourcing services has gone too far in saying that outsourcing is for businesses that know nothing about a topic. The strategic direction should always come from the hiring business but this entails some technical knowledge.

Sean Pellegrino
-Managed Services Maryland (www.managedservicesmaryland.com)

Add Your Comment

Name: Company name:

Email:

(We will never sell your name or e-mail address to anyone)

Comment:

Remember my personal information
Notify me of follow-up comments?

Please enter the word you see in the image below: