Security Software as a Service

In the just ended decade cyberspace has change the way we live and operate.

However, with so many cyber incidents and data breaches that impacted global business economy, the market understands that cybersecurity is a vital investment for businesses that wants to sustain their success. With this conclusion the cybersecurity realm received an enormous burst of interest and the cybersecurity solution industry began to rise.

Today’s buzz words are "Cloud services", "Cyber something AI" and "Everything as a Service", which are emerging trends that provides the software industry with yet ever faster, secure and better services.

The problem with these buzz words solutions is that the individual responsible to implement them (CISO?) also needs to stay in budget. There is an oxymoron there. Although slightly changing, most CISO's do not get enough attention from their senior management and even less from their Board of Directors, for their responsibility to address cyber related (emerging) business disruptions.

Not to mention small or medium business owners. With every cent that counts they simply can’t afford the traditional solutions, hardly advanced ones.

If we look on the current security software portfolio of many companies, we will see a range of applications like Anti-virus, FW, WAF sometimes SIEM, etc. Most likely that they are still managed within the company (both on the application and infrastructure aspect).

Security Software as a Service is the field of managed security services that require you to manage on the application side, and that’s it.

Before we jump in, let's have a quick overview of the benefits that traditional Software as a Service (SaaS) provides:

SaaS is software that is centrally hosted and managed for the end customer. It is usually based on an architecture where one version of the application is used for all customers, and licensed through a monthly or annual subscription. Office 365, Salesforce, Google Drive are all examples of SaaS solutions. What are the main benefits?

  • OpEx (Operational Expenditure) – Instead of buying all the licensing (for a year) and hardware, we pay for what we consume (for most services it will be a mixture of pay-as-you-go and a subscription module).
  • It’s all in the cloud – You do not need a data center (or a few servers under your desk).
  • Infinite scalability – The service provider will take care of the compute resources.
  • Vendor switching – If you are unhappy with the product, the Total Cost of Ownership (TCO) for moving to different one is a fraction of the cost of doing the same the old way (switching hardware, installing, professional services, etc.)

Now that we understand SaaS benefits, let's dive into the benefits of using Security SaaS solutions:

  1. Cost - As we already know, professional technology personal with years of expertise comes with an expensive price.
    In most cases, companies will staff their teams with few trained and experienced personnel and they might add some juniors. This common scenario result in having working hands but hands that makes mistakes (and when it comes to cyber security we really don’t want to make mistakes).
    If we use Security SaaS we don’t need to have the variety of expertise that we usually need. We can be gratified with a professional application master that has good knowledge how to use the technology and that’s it. There is no need to decide what architecture you need to deploy in order to install the system, you just need to configure the controls you wish and consume it.
    Obviously, using security SaaS probably decreases the number of potential mistakes.
  2. Updates - If you live in the off-premise world that is disconnect from the internet you mostly stay months if not years behind in both security updates and feature updates. “feature updates” in security systems mostly means new security capabilities that we won’t be able to leverage until we get the system up-to-date. That’s even before we considered the complexity of some updates, their scheduling (with govern change management or purchase of new hardware / OS change processes) which will consume a lot of resources we are usually short of.  Bottom line, most companies cannot issue updates in fast intervals resulting in not having systems properly up-to-date.
    In the world of Security SaaS, updates are normally transparent and features just flow in. Previously, your opinion as a customer about the product you use had a long (and frustrating) road before they got into product version (and that’s before you updated your system to that version). Today, your requests can be executed in a much better TTM (time to market) by the vendor.
  3. Big Data - This term has been a hype word for years now, in security terms it has been unleashed mainly because of the option to gather huge amount of data, analyze it, catch the anomalies and create various products that can use that information. Microsoft’s Defender ATP is a good use case. It uses this exact formula - millions of clients report back to Microsoft core, as a result they can discover new malware appearance, new viruses, new ransomware and react very fast, compared to on premise systems that mostly will use only compiled results (if at all) of the whole process. Definitely lower security capabilities.

Obviously, Security SaaS Services has some drawbacks, such as:

  1. Sense of control - Owned maintained hardware and software still gives us a greater feel of control than a third party's solution.
  1. Modifications - If you heavily modified your in house applications and made them "tailor-made" to your needs, Security SaaS applications as customized they wish to be, probably will not give you the same control as a self-hosted solution.
  1. Regulation - Some regulations might restrict data storage or have other restrictions that can limit security SaaS usage.

To conclude:

As we listed  the pros and cons of using Security SaaS solutions, we understand that moving from on premise, self-operated security systems to SaaS modelling is becoming mandatory (unless you are disconnected from the internet, good luck with that) and even more inevitable.

We didn’t cover Security SaaS pricing compared to self-hosted security systems because it goes the same as any SaaS module, you pay for what you use.

One last thought, try go over the fastest security system that you’ve deployed, factor it with labor, hardware and management efforts, now request a demo of the same class system in Security SaaS module and deploy it. We urge you to compare the TCO.


by Oren Hadar

Leave a Reply

Your email address will not be published. Required fields are marked *

More from our Blog

April 18, 2020
Is office space part of your strategy?

Could it be that organizations do not need office space anymore? Would it be fair to say that we can reduce a substantial part of our leased space costs? Imagine this: our employees are working remotely. Part of them are working from home, others sit in coffee houses or leased spaces next to their home. […]

March 1, 2020
Cyber Hygiene - Cloud

Do teeth brushing and cloud security correlate? Can teeth brushing save us money? Hey everybody. I'm Yoav and this the last and not least of our cyber hygiene post serious. This one is on implementing cyber hygiene on cloud environments. On our previous post “cyber hygiene – actions” we learned how good security practices and […]

February 17, 2020
Cyber Hygiene Actions

Hey you all, Its, Yoav. Thank you for coming back. On this post I will tell you how simple hygiene actions (with no additional tools required) can be implemented within your network, preventing digital illness and unnecessary disruption exposure. On our previous post, Cyber Hygiene basics, we saw the similarity between body hygiene and network […]

February 8, 2020
Cyber Hygiene Basics

Can you see the connection between personal body cleanse and computer network weaknesses? To my eyes, the connection is based on the term “Cyber Hygiene”. Does it ring a bell? What is Cyber Hygiene? to understand the meaning of this term, I want you to imagine... Imagine the world when people did not care of personal […]

January 4, 2020
Security Software as a Service

In the just ended decade cyberspace has change the way we live and operate. However, with so many cyber incidents and data breaches that impacted global business economy, the market understands that cybersecurity is a vital investment for businesses that wants to sustain their success. With this conclusion the cybersecurity realm received an enormous burst […]

April 30, 2017
CST-360 Protecting What Matters

Hello all, Welcome to our website blog. In this blog, we care to share our thoughts and insights on Cyber Security processes and business outputs, as we believe that governing your cyber defense operations will give your organization the highest value regardless of your tools and solutions. Our moto "protecting what matters", reflects the need […]

May 17, 2017
Governance Against Malware

In the past two weeks, all we hear are #WannaCry, #WannaCrypt, and the world’s biggest cyberattack. However, eventually, protecting against these and other malware,  is still a good Patch Management process. Nothing more. No extra security tools and no extra cost investments. So with no further due, just invest in good practices. Govern your IT and […]

December 31, 2018
2019 - New Year Predictions

Humbly and with respect, I admit that 2018 was very good for us @ CST-360.We had some new fascinating engagements that started and will continue into the new year with new technologies, new business models and above all new BUSINESS RISKS to address. What should we expect of coming 2019? Here are the three bullets […]

Visit Our Blog 

Leverage your business, 
while protecting what matters

Let's Plan Your Security
lockplusunlockunlock-altcopyrightcross linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram