Security-as-a-service growing

When you ask IT professionals if they use cloud computing or software-as-a-service, most start by saying "no". But if you ask some follow up questions, you will quickly find out about "that one application" that is a SaaS application.

When you ask IT professionals if they use cloud computing or software-as-a-service, most start by saying "no". But if you ask some follow up questions, you will quickly find out about "that one application" that is a SaaS application.

In security, this effect is even more pronounced. Companies don't think they use security-as-a-service or "cloud" security. Yet, many do, in the form of messaging security: e-mail antispam and antivirus. This type of security outsourcing, where security is delivered as a service from the cloud and without on-premise hardware, is growing 12% year-on-year. It's becoming a great outsourcing option for companies that lack the skills or do not want to retain and maintain the skills in some security function.

Seven deadly sins of cloud security

What would your ultimate network security look like?

Of course, not all security functions are suitable candidates to move into a cloud environment. Messaging security is particularly suited to cloud delivery for two reasons. Firstly, e-mail travels through external gateways anyway, so security professionals don't have to worry too much about putting their data "out there". Secondly, e-mail transmission has variable latency measured in minutes, so adding an external gateway won't delay things noticeably.

In our research we've found that e-mail antispam accounts for the vast majority of cloud-based security services. Of those companies using some form of security-as-a-service, 84% used e-mail antispam services. Antivirus was the second most common with 42% share among security-as-a-service users. Other services include cloud-based firewalls, intrusion-prevention systems (IPS), protection against distributed denial of service (DDoS) and vulnerability scanning.

Many of the above-mentioned security services are well suited to cloud delivery. Controls like firewall, IPS and DDoS protection are best applied on the far side of an Internet or WAN connection as they result in a reduction of transmitted data. Filtering the unwanted traffic means less traffic to carry across expensive links and less pressure to upgrade congested links. Another advantage of cloud delivery is the external perspective of the service provider, as is the case with vulnerability scanning, where those buying the service want to know what vulnerabilities are visible from the outside (this is often a specific regulatory requirement).

So why are companies buying security-as-a-service or "cloud" security? As with most outsourcing, there are a number of business drivers that may be influencing the decision to purchase these services. Conventional wisdom would point to "cost" as the top reason and as in many other situations the conventional wisdom is wrong. In fact, the primary driver for adoption of security-as-a-service is that companies see these external services as more effective than in-house solutions. Antispam for e-mail is a good example -- it's at the front lines of the security "war" and involves constantly changing attacks and countermeasures. What worked a few months ago and gave your company pristine mailboxes will almost certainly result in a tsunami of spam a few months later. So hiring, retaining and re-training people to fight this battle is expensive and less effective than hiring an external company to do it for you.

Cloud computing has already arrived for security. It's often overlooked because antispam-in-the-cloud may not be as glamorous as "cloud computing" implies, but it is a practical, effective and cost-effective solution.

Read more about wide area network in Network World's Wide Area Network section.

Tags SaaSConfiguration / maintenanceantispamhardware systemssoftwareinternetanti-malwareSoftware as a servicecloud computingData Centerantivirussecurity-as-a-servicesecurity

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Andreas M. Antonopoulos

Network World

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?