Security as a Service or otherwise known as SECaaS is the newest kid on the buzzword block. It was bound to happen. The industry was looking for a new buzzword to steal some of the spotlight in 2013. Gartner has been talking a lot about Security as a Service lately.
I was recently talking with a customer about moving their current infrastructure to the cloud in an entirely hosted fashion. Of course the question of trust and security immediately came up. I have come to realize that there are thousands of other companies who have the same reservation. I believe that in time most small and mid size companies will learn that cloud hosting and cloud services will be an inevitable outcome.
The concept of cloud alone is taboo to many businesses. Could you imagine trying to have them adopt model where there security is being provided by a vendor in the cloud? After the discussion with my customer and reading some articles about Cloud Security as a Service, I was encouraged to conduct some research surrounding Security as a Service aka SECaaS.Â When I hear the word security, I immediately think of words like Trust, Confidentiality and Reliability. This is what I would look for when searching for a SECaaS vendor. (see vendor list below)
Security as a Service (SecaaS is a cloud computing model that delivers managed security services over the Internet. SECcaaS is based on the Software as a Service model, but limited to specialized information security services.
Gartner is reporting that Security as a Service is likely to experience high growth through 2015. Gartner categorizes this as security information and event management (SIEM) as a service. According to their research, 10%Â of overall IT security enterprise product capabilities will be delivered in the cloud by 2015. The report also sates, thatÂ the cloud-based security services market is projected to reach $4.2 billion by 2016. The complete report is available at Gartner.com.
In resarching for this blog, I came across something which I thought would be of interest to our readers. The (CSA) is a non-profit organization Â led by an an independant and broad coalition of industry practitioners, corporations, associations and other key stakeholders.
The CSA Mission Statement is the following:
“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
The CSA has created the “Implementation Guidance Documents“.Â Security as a Service is outlined in the following categories.
Category 1 – Identity and Access Management
Category 2 – Data Loss Prevention
Category 3 – Web Security
Category 4 – Email Security
Category 5 – Security Assessments
Category 6 – Intrusion Management
Category 7 – Security Information and Event Management (SIEM)
Category 8 – Encryption
Category 9 – Business Continuity / Disaster Recovery
Category 10 – Network Security
The following vendors have been identified to provide Security as a Service
Altor VF – Altor Networks
AppGate Security Server – Cryptzone Group AB
BioBeans – TouchTier Technology
CipherCloud – CipherCloud Inc.
DefensePro – Radware
Are you ready for the Cloud? Try the Microsoft Cloud Security Readiness Tool