Security Software-as-a-Service (SaaS) is a security control that
is available by subscription and is managed and delivered via the
Internet by a software vendor. The Security SaaS model is generally
well-suited for businesses that either have few IT resources or
none at all in-house. It also works for businesses that are not
interested to invest in security hardware or do not have time for
managing security or a large number of remote users. In other
words, this model serves a broad spectrum — all the way from
SMBs to large enterprises.
For most CIOs around the world, taking on SaaS-based software
services is not an option anymore, it is a necessity. Enterprise
CIOs have realized that in order to remain competitive, they need
to optimize their IT budgets and leverage the cloud for greater
security in the ever-changing threat landscape. For CIOs of large
enterprises, the paramount security concern without a
SaaS/cloud-based security offering is that often the remote workers
do not VPN into the corporate network to get the latest security
updates and policies. With SaaS, security is always on, always
up-to-date and CIOs can rest assured that security policies are
uniformly applied, regardless of the employee’s location.
The next big challenge that a CIO faces is ensuring remote
workers are compliant with the organization’s security
policies. The relinquishing of control is a tough pill for IT
administrators to swallow. Most large enterprises have not quite
adopted cloud all the way yet because of this very reason. The
optimal way to look at this situation is to do a TCO and ROI
analysis, factoring in the risk of remote employees not keeping
their systems up-to-date with security.
Finally, in today’s scenario, most CIOs face a hybrid
requirement — managing employees who come to the office
campus with on-premise security solutions and managing the remote
workers with SaaS. Then the problem to solve becomes how to have a
single security view of the enterprise. If you are considering the
offerings of security SaaS software vendors as the solution to the
problem, be sure to enquire about the following:
- Has the vendor been in the security SaaS business for a
significant length of time and earned the reputation for being the
best in class?
- Can you reduce or eliminate the on-premise hardware and
software costs, deployment and maintenance by offloading the server
management to a third-party software vendor, thereby optimizing
your IT budget?
- Does the vendor offer a hybrid solution with a single
management view of security across the enterprise?
- Does the SaaS management platform hosted by the software vendor
on their infrastructure offsite provide centralized deployments,
reporting and management online?
- With an Internet connection, regardless of connection to
corporate network, are all users constantly protected with a
“version-less” solution — with transparent
updates and upgrades, and policy management?
- From a longer-term investment perspective, does this software
vendor have the breadth of security portfolio so that you can get
all security SaaS solutions, with a single, centralized management
console from the same vendor for greater ROI?
If the answer is ‘yes’ to all the questions, you
have likely found your SaaS match.
Smitha Murthy is Head of Product Management, McAfee,