Security as a service

Security as a service (SECaaS) is a business model in which a large service provider integrates their security services into a corporate infrastructure on a subscription basis more cost effectively than most individuals or corporations can provide on their own, when total cost of ownership is considered. In this scenario, security is delivered as a service from the cloud,^[1] without requiring on-premises hardware avoiding substantial capital outlays. These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, and security event management, among others.^[2]

Security as a service offers a number of benefits,^[3] including:

Constant virus definition updates that are not reliant on user compliance
Greater security expertise than is typically available within an organization
Faster user provisioning
Outsourcing of administrative tasks, such as log management, to save time and money and allow an organization to devote more time to its core competencies
A web interface that allows in-house administration of some tasks as well as a view of the security environment and ongoing activities

Origin

SECaaS is a business model for outsourced security licensing and delivery boasting a multibillion-dollar market.^[4] SECaaS provides users with Internet security services providing protection from online threats and attacks such as DDoS that are constantly searching for access points to compromise your website.^[5] As the demand and use of cloud computing skyrockets, users are more vulnerable to attacks due to accessing the Internet from new access points. SECaaS serves as a buffer against the most persistent online threats.^[6]

SECaaS models

SECaaS are typically offered in several forms:

Subscription
Payment for utilized services
Free of charge: Examples include Cloudbric, CloudFlare, and Incapsula.

Performance benefits

Cost-cutting tool

SECaaS eases the financial constraints and burdens that are shouldered by online businesses, integrating security services without on-premises hardware or a huge budget. Using a cloud-based security product also bypasses the need for costly security experts and analysts.^[7]

Consistent and uniform protection

The strength of SECaaS services is that they provide continued protection as databases are constantly being updated to provide up-to-date security coverage. It also alleviates the issue of having separate infrastructures, instead combining all elements in one manageable system.

Challenges

SECaas has a number of deficiencies that make it insecure for many applications. Each individual security service request adds at least one across-the-'Net round-trip (not counting installer packages), four opportunities for the hacker to intercept the conversation; 1. At the send connection point going up; 2. At the receive connection point going up; 3. At the sending point for the return; and 4. At the receiving point for the return.

On top of that, SECaas does to all security requests for that client exactly what container or endpoint security does to digital assets - it makes all security handling uniform so that once you break security for one request, you've broken it for all requests, the very broadest attack surface there can be. It also multiplies the rewards incentive to a hacker because the value of what can be gained for the effort is dramatically increased. Both these factors are especially tailored to the resources of the nation/state-sponsored hacker.

Relative newcomer

The biggest challenge for the surging SECaaS market is maintaining a reputation of reliability and superiority to standard non-cloud services still used by some. SECaaS as a whole has seemingly become a mainstay in the cloud market.^[8]

Widespread use

Cloud-based website security doesn’t cater to all businesses, and specific requirements must be properly assessed by individual needs.^[9] Business who cater to the end consumers cannot afford to keep their data loose and vulnerable to the attacks by the hackers. The heaviest part in SECaaS is educating the businesses. Since data is the biggest asset for the businesses,^[10] the CIOs and CTOs are the ones taking care of the overall security in the company.

References

↑ Furfaro, A.; Garro, A.; Tundis, A. (2014-10-01). "Towards Security as a Service (SecaaS): On the modeling of Security Services for Cloud Computing". 2014 International Carnahan Conference on Security Technology (ICCST): 1–6. doi:10.1109/CCST.2014.6986995.
↑ "Definition of Security as a Service".
↑ "cloudbric blog: The Newbie's Guide to Security as a Service (SECaaS)". blog.cloudbric.com. Retrieved 2015-09-24.
↑ "Security as a service really has become a no-brainer". Retrieved 2015-09-24.
↑ "cloudbric blog: Who's Behind DDoS Attacks and How Can You Protect Your Website?". blog.cloudbric.com. Retrieved 2015-09-24.
↑ "Security-as-a-service, Cloud-Based on the Rise (Part 1)". Retrieved 2015-09-21.
↑ "The Cloud is Safe and Cost Effective for Critical Data Storage. No, Really. - Peak 10". Retrieved 2015-09-21.
↑ "Security as a service really has become a no-brainer". Retrieved 2015-09-24.
↑ "Cloud vs. Data Center: What's the difference?". Retrieved 2015-09-21.
↑ "Why Security as a Service [SECaaS] Will be the Biggest Asset for Any CIO or CTO Today". Retrieved 2016-03-22.

External links

Security as a Service Working Group

This article is issued from Wikipedia - version of the 11/25/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.