Welcome to SaaS thoughts

Whether you call it Software as a Service (SaaS), Managed Service Provider (MSP) or On-Demand Services, your organization uses the service running “in the cloud”. This blog will discuss these services, their benefits, drawbacks and operations. Are we biased? Yes. We believe that some services make sense for most organizations. Email security is one of those. However as Mark Twain said, “All generalizations are false, even this one.” Each Tuesday we will post information and questions about Software as a Service. Occasionally, we will have a "Guest Post" from either a consultant or vendor posting her/his thoughts on Managed Services generally as well as some degree of specificity based on her/his unique perspective. We encourage your insights, comments and feedback. Welcome.

RSS Subscribe to RSS

Why Security SaaS Makes Sense Today


The following is an excerpt of a White Paper. For the full copy, Send your request to: “Why Security SaaS Makes Sense Today”

Seven Reasons to Adopt SaaS Security

Corporate IT teams are waging a significant security battle on two fronts these days: stopping attacks via the Web and through email. They are tirelessly trying to protect their networks against known and unknown viruses, spyware and phishing attacks. However, the more complex these threats become, the more infrastructure companies have to bring in-house, sending capital expenditures through the roof.

1 – Provides Improved Manageability

In most organizations today, security revolves around building and managing either hardware and software or appliances. IT teams must spend a majority of their time focusing on licensing, updates, performance and availability for a host of security systems strewn about the enterprise. They also struggle with implementation and setup costs, as well as compatibility issues. This leaves little time for managing what’s most important — the business processes that mitigate risk.

2 – Features Guaranteed SLAs

One of the biggest benefits to SaaS is knowing that the provider has promised to uphold a service-level agreement (SLA). SLAs traditionally guarantee a higher level of performance, availability, uptime and security than IT teams would be able to deliver in-house. And there are penalties to collect on if the provider fails to meet this agreement. Most SLAs offer a way for companies to access reports that feature details on threat mitigation, throughput and response-time performance, as well as other key metrics.

3 – Affords Flexibility and Scalability

Trying to keep up with the demands of protecting email and Web security can be impossible — literally. Consider that in most cases, IT teams must physically build out their networks to handle corporate growth. And as the network expands, so does the need for IT staff to manage it.
SaaS enables IT teams to easily and transparently scale security to match business needs. For instance, they can quickly add a group of users that resulted from a corporate merger or beef up scanning to protect the organization from unwanted Web content. They can also make sure that mobile users have the same security on- and off-network — a difficult challenge with on-premise solutions.

4 – Provides High-Quality Security by Security Experts

It would take a larger IT team than the majority of companies have to address the security challenges most organizations face. As an example, she points to the fact that 711,912 new malware threats were reported in 2007, which translates into 1,950 new malware attacks each day.

The Web is becoming increasingly more dangerous, with growing numbers of search queries resulting in at least one malicious URL. To adequately combat most of these threats, IT teams need immediate and detailed knowledge of emerging attack vectors. One or two staff members devoted to security can’t possibly detect and mitigate these risks quickly enough to ward off serious damage.

Less than half of respondents to a 2007 Forrester survey reported using any kind of real-time protection such as behavior-based detection, outbound content protection, heuristics detection, content inspection, reputation filters or URL filtering.

With SaaS, companies don’t have to be security experts. Instead, they can depend on the expertise of a provider that is constantly monitoring and combating new threats to the network. Using signature, behavior and heuristic analysis in tandem with access and policy controls, a SaaS provider can quickly thwart spam, virus, spyware and phishing attacks within email as well as detect inappropriate content and malware on Web sites that users visit.

5 – Reduces Bandwidth Requirements and Improves Network Performance

SaaS is not only a cost-saver, but also a resource-saver. Offloading email and Web security takes a lot of pressure off the enterprise to handle traffic generated by spam. For instance, if a company builds its network to support 15 million inbound email messages per day and 14 million are purely junk, that’s a lot of money wasted trying to deal with the volume on-premise.

After you move to an in-the-cloud offering, you only need to support a million messages per day on your own network so bandwidth consumption is drastically reduced. By ridding the network of that extra burden, companies could also see a boost in performance.

6 – Plays a Critical Role in Defense-In-Depth Security

Security experts recommend that companies have a multilayered approach to security, but buying and managing the infrastructure required to do that can be cost-prohibitive.

Security SaaS enables IT teams to have a layered approach without all the headaches. For instance, Wang says Web security SaaS can handle fast processing of connection-level filtering and an on-premise solution to perform the more in-depth content analysis. That first layer lightens the load the on-premise solution has to inspect, enhancing the network’s speed and overall security.

7 – Enhances Cost Savings Surrounding Security

One of the biggest issues for many organizations is determining if security SaaS adds to the bottom line. As mentioned previously in this report, by eliminating the need for infrastructure and the personnel to manage that infrastructure, SaaS offers immediate savings. In a 2007 study, market research firm Gartner Inc. found that SaaS secure Web gateway solutions cost as much as $40 less per user than appliances. Companies realize these savings by having a subscription model with predictable costs.

Companies can also see cost benefits from needing less storage and bandwidth since a lot of spam and other false content is handled off-network. SaaS lowers help desk costs as well because IT teams spend less time fixing damage caused by spam, viruses, malware and other attacks.

By using a comprehensive security SaaS solution, organizations can avoid the incurred costs of a data breach. A survey by the Ponemon Institute LLC found that 74% of respondents reported a loss of customers, 59% faced potential litigation, 33% faced potential fines, and 32% experienced a decline in share value.

For the full copy, Send your request to: “Why Security SaaS Makes Sense Today”.

Posted on : Nov 11 2008
Tags: , , ,
Posted under Email security, SaaS, Web security |


Get every new post on this blog delivered to your Inbox.

Join other followers: