Posted by Robbie Forkish on Wed, Aug 19, 2009
It's slightly ironic that while there are concerns about security in the cloud, there are a number of managed security services that provide security from the cloud. As outlined below, cloud-based Software-as-a-Service (SaaS) security solutions are being ever more widely adopted to save money and improve security.
Gartner reports that the current tough economic conditions drive many companies to look at cloud computing and SaaS offerings in order to cut expenses. There must be something to that, as Nemertes Research's 2009 Spring Benchmark finds that 60% of participants are planning to increase their use of managed services in 2009. And Infonetics Research reports that revenue derived from managed security SaaS will grow at a compound annual growth rate of 46% from 2008 to 2013. That's a phenomenal growth rate. "SaaS is definitely the future of managed network security," said Jeff Wilson, Infonetics Research's Principal Analyst for Network Security.
Companies are not willing to adopt SaaS for security at the expense of strong security capabilities. In fact, as shown in the following chart, the top driver behind SaaS for security is strength for security; cost is second. In other words, the drive to cut costs has also led to stronger security capabilities:
As more services are delivered from the cloud, scale economies will improve and the level of acceptance will result in SaaS security as a mainstream offering for SMBs as well as large enterprises. But there's another factor that comes into play that makes SaaS even more valuable, which I refer to as technical leverage. Take Salesforce.com, for example. Salesforce is the world's leading SaaS vendor. They now also offer a Platform-as-a-Service (PaaS) solution called Force.com. And with Force.com one can leverage their AppExchange, an online directory that provides customers a way to browse, test-drive, share and install applications developed on Force.com. One analyst refers to AppExchange as "the iTunes of business software". That's a powerful concept, and potentially significant leverage for Salesforce.com customers.
SaaS has fueled remarkable innovation, as vendors roll out cloud-based solutions for different aspects of security and compliance. Forrester's white paper on Authentication-as-a-Service, commissioned by VeriSign, describes challenges companies face with regard to authentication and how a cloud-based authentication service would be perceived. Expected benefits from such a service include improved reliability, reduced fraud, reduced identity theft, and improved scalability.
Symplified, which refers to itself as "The Cloud Security Company", provides identity management from the cloud. They claim an 80% savings compared to software. TriCypher offers a cloud-based single sign-on (SSO) service called myOneLogin that they claim can be deployed in minutes. Cloud Compliance offers a cloud-based identity and access assessment service for SOX, PCI DSS, GLBA and HIPAA that addresses the top causes of IT audit findings.
If we step back and look at the big picture, we observe that cloud-based authentication, identity management and compliance services represent additional forms of technical leverage. An enterprise can pick and choose from among SaaS offerings to build a complete security and compliance solution from best of breed components. And unlike software, SaaS solutions require no installation, no upgrades or patches, no maintenance, and typically cost significantly less than the software they replace. But most importantly, these innovative SaaS offerings enable companies to strengthen their overall security and compliance profile.