Security Software-as-a-Service (SaaS) is a security control that is available by subscription and is managed and delivered via the Internet by a software vendor. The Security SaaS model is generally well-suited for businesses that either have few IT resources or none at all in-house. It also works for businesses that are not interested to invest in security hardware or do not have time for managing security or a large number of remote users. In other words, this model serves a broad spectrum — all the way from SMBs to large enterprises.

For most CIOs around the world, taking on SaaS-based software services is not an option anymore, it is a necessity. Enterprise CIOs have realized that in order to remain competitive, they need to optimize their IT budgets and leverage the cloud for greater security in the ever-changing threat landscape. For CIOs of large enterprises, the paramount security concern without a SaaS/cloud-based security offering is that often the remote workers do not VPN into the corporate network to get the latest security updates and policies. With SaaS, security is always on, always up-to-date and CIOs can rest assured that security policies are uniformly applied, regardless of the employee’s location.

The next big challenge that a CIO faces is ensuring remote workers are compliant with the organization’s security policies. The relinquishing of control is a tough pill for IT administrators to swallow. Most large enterprises have not quite adopted cloud all the way yet because of this very reason. The optimal way to look at this situation is to do a TCO and ROI analysis, factoring in the risk of remote employees not keeping their systems up-to-date with security.

Finally, in today’s scenario, most CIOs face a hybrid requirement — managing employees who come to the office campus with on-premise security solutions and managing the remote workers with SaaS. Then the problem to solve becomes how to have a single security view of the enterprise. If you are considering the offerings of security SaaS software vendors as the solution to the problem, be sure to enquire about the following:

1. Has the vendor been in the security SaaS business for a significant length of time and earned the reputation for being the best in class?
2. Can you reduce or eliminate the on-premise hardware and software costs, deployment and maintenance by offloading the server management to a third-party software vendor, thereby optimizing your IT budget?
3. Does the vendor offer a hybrid solution with a single management view of security across the enterprise?
4. Does the SaaS management platform hosted by the software vendor on their infrastructure offsite provide centralized deployments, reporting and management online?
5. With an Internet connection, regardless of connection to corporate network, are all users constantly protected with a “version-less” solution — with transparent updates and upgrades, and policy management?
6. From a longer-term investment perspective, does this software vendor have the breadth of security portfolio so that you can get all security SaaS solutions, with a single, centralized management console from the same vendor for greater ROI?

If the answer is ‘yes’ to all the questions, you have likely found your SaaS match.

Smitha Murthy is Head of Product Management, McAfee, India