Why Your Company Should Consider Security-as-a-Service

Ralph DeFrangesco

Many companies have to tighten the proverbial security belt these days. However, the needs do not shrink proportionally. Now is not the time to be cutting back on log management, threat management or malware detection. So how does a company do more with a static budget? The answer may surprise you - outsource it. I know that many managers are reluctant to outsource security management; I am one of those people. I think that you have to be smart about it and use security outsourcing to free up your people to do the high-level work that, at times, there somehow just isn't enough time to do such as analysis, security architecture and strategic planning. You know, those things that you should be doing.


Security as a service is not a panacea. Security is only as strong as your weakest link. If you outsource it, it's only as strong as the provider's weakest link, which you probably won't even know. Earlier this week, I wrote a post about requiring your cloud vendor to produce a SAS 70 type II certification. I think that this would be another example where I would require my security outsourcer to produce the same certification as well.


Many security vendors offer cost-effective options. Quest, a California-based service provider, recently teamed up with Intellitactics to market an event management appliance that helps organizations meet most compliance requirements such as HIPAA, Sarbanes-Oxley and GLB, without a huge cost overhead.


Have a Web site that needs monitoring? Dasient, a Web anti-malware company, will monitor your site should it appear on a blacklist, alert you instantly if there is malware activity on your site, and automatically quarantine a malware infection discovered by its monitoring service.


Security as a service is a tool. Like any other tool, it's only as good as the person, or the organization, that uses it. Smart companies should use security as a service to supplement their existing staff while freeing them to do the things that probably are not getting done.

Add Comment      Leave a comment on this blog post
Jul 6, 2009 11:14 AM Phil Barnhart Phil Barnhart  says:

A site may be currently be free of malware but it may have a checked past.  Also, sites may be blocked based on reviews at services such as OpenDNS and Site Advisor.  Your domain - especially a recycled domain newly acquired -may be banned or blocked due to previously delivering malware, trojans, or porn.  Automated monitoring is a great idea, but you should also do a background check.

One way is by using the free Domain Background Check cheat sheet at http://siteriver.com/domaintest.php - generates over a dozen links to domain check, anti-malware, and other tools to quickly check if your domain name is ready for business or is still on parole.


Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.