Security as a Service – A 1CR intro to SECaaS

Security as a Service, otherwise known as SECaaS, is the newest kid on the buzzword block. It was bound to happen. The industry was looking for a new buzzword to steal some of the spotlight in 2013. Gartner has been talking a lot about Security as a Service lately.

I was recently talking with a customer about moving their current infrastructure to the cloud in an entirely hosted fashion. Of course, the question of trust and security immediately came up. I have come to realize that there are thousands of other companies who have the same reservation. I believe that in time most small and mid-size companies will learn that cloud hosting and cloud services will be an inevitable outcome.

The concept of cloud alone is taboo to many businesses. Could you imagine trying to have them adopt a model where their security is being provided by a vendor in the cloud? After the discussion with my customer and reading some articles about Cloud Security as a Service, I was encouraged to conduct some research surrounding Security as a Service, aka SECaaS. When I hear the word security, I immediately think of words like Trust, Confidentiality and Reliability. This is what I would look for when searching for a SECaaS vendor (see vendor list below).

What is Security as a Service

Security as a Service (SECaaS) is a cloud computing model that delivers managed security services over the Internet. SECaaS is based on the Software as a Service model, but limited to specialized information security services.

  • A business model where a large-scale provider manages the security and event management aspect for a corporate IT infrastructure
  • The service provider is responsible entirely for the service, security policies put in place and general administration
  • Services could include anti-virus, malware, intrusion detection, etc.
  • Licenses for security service are provided by the service provider and rented on a monthly basis by various businesses

Benefits of Security as a Service

  • Lower your total cost of ownership when it comes to security, log and event management, by letting the experts do what they do best
  • Constant security updates made on a large scale
  • Web enabled dashboard or interface available from anywhere to view the security environment and ongoing tasks
  • Rapid deployment of changes and updates
  • Easier to support mobile and remote workers with online security
  • Most threats never make it on premise when cloud services are enabled

Gartner’s take on Security as a Service

Gartner is reporting that Security as a Service is likely to experience high growth through 2015. Gartner categorizes this as security information and event management (SIEM) as a service. According to their research, 10% of overall IT security enterprise product capabilities will be delivered in the cloud by 2015. The report also states that the cloud-based security services market is projected to reach $4.2 billion by 2016. The complete report is available at

Cloud Security Alliance – CSA

In researching for this blog, I came across something which I thought would be of interest to our readers. The Cloud Security Alliance (CSA) is a non-profit organization led by an independent and broad coalition of industry practitioners, corporations, associations and other key stakeholders.

The CSA Mission Statement is the following:

“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”

The CSA has over 3000 Twitter followers and remains consistently active. More information on CSA can be found here.

The CSA has created the “Implementation Guidance Documents”. Security as a Service is outlined in the following categories.

Category 1 – Identity and Access Management

Category 2 – Data Loss Prevention

Category 3 – Web Security

Category 4 – Email Security

Category 5 – Security Assessments

Category 6 – Intrusion Management

Category 7 – Security Information and Event Management (SIEM)

Category 8 – Encryption

Category 9 – Business Continuity / Disaster Recovery

Category 10 – Network Security

Security as a Service Vendors

The following vendors have been identified as providing Security as a Service:

Altor VF – Altor Networks

AppGate Security Server – Cryptzone Group AB

BioBeans – TouchTier Technology

CipherCloud – CipherCloud Inc.

DefensePro – Radware



Panda Software


Trend Micro


Are you ready for the Cloud? Try the Microsoft Cloud Security Readiness Tool

