Security-as-a-Service: The Other SaaS

Security-as-a-service (which is hard to reduce to an acronym since it would be the same as its close cousin, software-as-a-service) is a platform for our times.

If done right, this approach -- related to the managed security services category -- can keep various security tools updated in a way that would be difficult for individual organizations, especially SMBs. It also relieves the organization of the need for expensive equipment and staff with highly specialized knowledge.

There were two introductions this week in the sector. ComputerWorld offers an interesting profile of Zscaler, a security-as-a-service startup. Traffic is routed through gateways in Atlanta, Chicago, New York or Washington, D.C. Zscaler executives claim the service reduces latency as compared to on-site approaches that can require the deployment and management of multiple pieces of equipment. The technology has been tested by The Weather Channel, which may sign up for service, the story says. The other newcomer this week is Purewire. This Dark Reading piece says Purewire uses traditional URL filtering and analyzes user reputation. Volume discounts are available for the service, which the story says starts at $30 per user.

This NetworkWorld posting, which purports to support security-as-a-service, doesn't even mention it until near the end. Instead, the post presents a litany describing the inadequacies of current security methods. They are too slow, too inefficient, too expensive, use too many resources and are too complex. Security-as-a-service, the writer maintains, is the best alternative for SMBs. While the post doesn't combat each of the issues on a point-by-point basis, the implication is that the cloud-based model is far more agile and alleviates issues by changing the focal point from the business's premise to the service provider's.

An existing player in the security-as-a-service category is McAfee Total Protection Advanced - Small Business Edition. Last month, The Tech Herald reviewed the product. The review seems reasonably positive, but clearly not gushing. The site rated the platform on integration and deployment simplicity (simple to deploy, but limited to Windows); management capabilities (simple, but slow scanning); coverage (passed the site's Malware Core test and sounded an alarm when an attempt was made to connect to a malicious site); and end-user management (easy management but resources were stretched when updates launched).

Security-as-a-service will be a bigger deal going forward, especially if the distinct groups are lumped together into a single category. Last month, Gartner released a report that said cloud-delivered security will have a "dramatic" impact. Service revenues in several segments -- such as anti-malware, anti-spam and e-mail and IM protection -- will more than triple from about 20 percent now to more than 60 percent by 2013. Part of that increase will be driven by the ability to deliver services in new ways and by new types of providers, Gartner says.