When you think of security, what do you think about? Some hardware
appliance such as a firewall or router. Maybe you think about
installing security software on each computer. These components are
security, but an increasing number of vendors are selling more security
solutions as a service.
In this interview, John Adams, CTO of Chosen Security gives us a better understand of what security as a service means and more importantly what it means for you.
What is SaaS security?
Software as a Service (SaaS) Security is simply a security
capability delivered as a service instead of a product. As an example,
ChosenSecurity’s QuickStart certificate service delivers certificates
using a service that can be accessed by any Web browser; this is an
alternative to setting up a product such as the Microsoft Certificate
Authority. Another example is Message Labs who offer capabilities such
as anti spam filtering and email encryption as a service.
Is it for every business or should some businesses use traditional appliance/software security?
Any business can use SaaS security. For the most part, SaaS can be
deployed more quickly and will have lower costs than deploying
products, particularly for smaller deployments. This cost benefit is
reduced for larger deployments, and may disappear altogether for very
large deployments. The SaaS approach is generally less flexible than a
product approach, so it may be easier to integrate a product into a
complex environment than a service. A good deployment strategy would be
to start out with the SaaS approach to gain experience with thesecurity
capability and then migrate to a product if the service is too limiting
or too expensive.
Can ones entire network be secured via the cloud or should certain parts have premise based security?
Smaller organizations may choose to outsource all of their security
due to lack of expertise or resources. Most large organizations,
particularly ones with security expertise, will elect to provide that
capability themselves. Since the primary benefits of the SaaS approach
are lower cost and speed of implementation, most organizations will use
the SaaS approach when they are trying to introduce a new capability or
reduce the cost of an existing one.
How should one choose a SaaS securities vendor-there are so many,
from the household names such as Symantec and McCaffee, to TrendMicro,
St. Bernard and more?
This is a challenging task, but the first step is to be clear about
what security capabilities you want to deploy. This can range from
something you already do in house but would like to outsource, to
something you would like to try for the first time. The task of sorting
through the vendors will be a lot simpler if you are clear on what you
are trying to accomplish. If you are trying to achieve that clarity,
you will be better off hiring a consultant, or doing an internal
project first to identify your requirements. Once you have clearly
identified a requirement, for example email security, it is much
simpler to identify the relevant vendors. Once that has been done, the
choice usually comes down to price, featuresand the quality of
What are your thoughts on having antivirus on each desktop computer in addition to SaaS security, or is this redundant?