Security Software as a Service

In the just ended decade cyberspace has change the way we live and operate.

However, with so many cyber incidents and data breaches that impacted global business economy, the market understands that cybersecurity is a vital investment for businesses that wants to sustain their success. With this conclusion the cybersecurity realm received an enormous burst of interest and the cybersecurity solution industry began to rise.

Today’s buzz words are "Cloud services", "Cyber something AI" and "Everything as a Service", which are emerging trends that provides the software industry with yet ever faster, secure and better services.

The problem with these buzz words solutions is that the individual responsible to implement them (CISO?) also needs to stay in budget. There is an oxymoron there. Although slightly changing, most CISO's do not get enough attention from their senior management and even less from their Board of Directors, for their responsibility to address cyber related (emerging) business disruptions.

Not to mention small or medium business owners. With every cent that counts they simply can’t afford the traditional solutions, hardly advanced ones.

If we look on the current security software portfolio of many companies, we will see a range of applications like Anti-virus, FW, WAF sometimes SIEM, etc. Most likely that they are still managed within the company (both on the application and infrastructure aspect).

Security Software as a Service is the field of managed security services that require you to manage on the application side, and that’s it.

Before we jump in, let's have a quick overview of the benefits that traditional Software as a Service (SaaS) provides:

SaaS is software that is centrally hosted and managed for the end customer. It is usually based on an architecture where one version of the application is used for all customers, and licensed through a monthly or annual subscription. Office 365, Salesforce, Google Drive are all examples of SaaS solutions. What are the main benefits?

• OpEx (Operational Expenditure) – Instead of buying all the licensing (for a year) and hardware, we pay for what we consume (for most services it will be a mixture of pay-as-you-go and a subscription module).
• It’s all in the cloud – You do not need a data center (or a few servers under your desk).
• Infinite scalability – The service provider will take care of the compute resources.
• Vendor switching – If you are unhappy with the product, the Total Cost of Ownership (TCO) for moving to different one is a fraction of the cost of doing the same the old way (switching hardware, installing, professional services, etc.)

Now that we understand SaaS benefits, let's dive into the benefits of using Security SaaS solutions:

1. Cost - As we already know, professional technology personal with years of expertise comes with an expensive price.
   In most cases, companies will staff their teams with few trained and experienced personnel and they might add some juniors. This common scenario result in having working hands but hands that makes mistakes (and when it comes to cyber security we really don’t want to make mistakes).
   If we use Security SaaS we don’t need to have the variety of expertise that we usually need. We can be gratified with a professional application master that has good knowledge how to use the technology and that’s it. There is no need to decide what architecture you need to deploy in order to install the system, you just need to configure the controls you wish and consume it.
   Obviously, using security SaaS probably decreases the number of potential mistakes.
2. Updates - If you live in the off-premise world that is disconnect from the internet you mostly stay months if not years behind in both security updates and feature updates. “feature updates” in security systems mostly means new security capabilities that we won’t be able to leverage until we get the system up-to-date. That’s even before we considered the complexity of some updates, their scheduling (with govern change management or purchase of new hardware / OS change processes) which will consume a lot of resources we are usually short of.  Bottom line, most companies cannot issue updates in fast intervals resulting in not having systems properly up-to-date.
   In the world of Security SaaS, updates are normally transparent and features just flow in. Previously, your opinion as a customer about the product you use had a long (and frustrating) road before they got into product version (and that’s before you updated your system to that version). Today, your requests can be executed in a much better TTM (time to market) by the vendor.
3. Big Data - This term has been a hype word for years now, in security terms it has been unleashed mainly because of the option to gather huge amount of data, analyze it, catch the anomalies and create various products that can use that information. Microsoft’s Defender ATP is a good use case. It uses this exact formula - millions of clients report back to Microsoft core, as a result they can discover new malware appearance, new viruses, new ransomware and react very fast, compared to on premise systems that mostly will use only compiled results (if at all) of the whole process. Definitely lower security capabilities.

Obviously, Security SaaS Services has some drawbacks, such as:

1. Sense of control - Owned maintained hardware and software still gives us a greater feel of control than a third party's solution.

2. Modifications - If you heavily modified your in house applications and made them "tailor-made" to your needs, Security SaaS applications as customized they wish to be, probably will not give you the same control as a self-hosted solution.

3. Regulation - Some regulations might restrict data storage or have other restrictions that can limit security SaaS usage.

To conclude:

As we listed  the pros and cons of using Security SaaS solutions, we understand that moving from on premise, self-operated security systems to SaaS modelling is becoming mandatory (unless you are disconnected from the internet, good luck with that) and even more inevitable.

We didn’t cover Security SaaS pricing compared to self-hosted security systems because it goes the same as any SaaS module, you pay for what you use.

One last thought, try go over the fastest security system that you’ve deployed, factor it with labor, hardware and management efforts, now request a demo of the same class system in Security SaaS module and deploy it. We urge you to compare the TCO.