Over the past few years, more and more businesses have been turning to the Software as a Service (SaaS) model to bring down costs, improve efficiency, handle more load, and more. A sub-category which deserves some attention in today's world is the Security as a Service (SECaaS).
SECaaS: A Changing Market
Today, more and more traditional security companies are developing and enhancing their service based offerings. These include web security, email threat management, network security, cloud, mobile and more. While many argue that reduced costs should not be the driver for a switch especially in security products, only a few companies, including Appknox, argue that their solutions are better offered as a service.
This is a market in transition and this is what all CIOs and CTOs need to observe and understand. Previously, security services that moved to the cloud basically just moved the centralised management console. Today, offerings have gradually matured to utilise the strengths of the cloud. For example, at Appknox, not only is the security tracking and management on the cloud, the whole security analysis also takes place in the cloud using a cloud-based emulator that we've custom built. As a user, this gives you immense power to perform multiple tasks while the benefits of cloud take care of all the performance-related pain. This helps us conduct faster and deeper analysis and provides you with more horsepower to perform better.
As the demand and use of cloud services skyrockets, users are more vulnerable to attacks than ever, as they access the Internet through varying and relatively unsecured highways. This is where SECaaS comes in, serving as a buffer against the most persistent online threats.
SECaaS: Why it deserves attention from CIOs and CTOs?
Gartner is predicting the cloud-based security services market, which includes secure email or web gateways, identity and access management (IAM), remote vulnerability assessment, security information and event management to hit $4.13 billion by 2017.
According to its “Market Trends: Cloud-based Security Services Market,” Gartner is predicting growth is likely to come because of the adoption of these cloud-based security services by small- to-mid-sized business (SMB) in particular.
Let's take a look at the state of mobile security. In a 2015 study, the Ponemon Institute reported:
- Nearly 40 percent of large companies, including many in the Fortune 500, aren’t taking the right precautions to secure the mobile apps they build for customers
- Only 5.5 percent of the mobile app budget is currently being allocated to ensuring that mobile apps are secure against cyber-attacks before they are made available to users
- 50 percent of these organisations were found to devote zero budget whatsoever towards mobile app security
- 55 percent state their organisation does not have a policy which defines the acceptable use of mobile apps in the workplace
- 67 percent of companies allow employees to download non-vetted apps to their work devices
An Arxan study showed that the number of mobile cyber-security attacks is continuing to grow. At any given time, malicious code is infecting more than 11.6 million mobile devices.
The Solution? - Security By Design
It is often difficult to convince business leaders of the importance of something new and novel, like mobile SECaaS. I came across a great analogy which I want to share here. Imagine if the auto companies manufactured their cars without seat belts or airbags, and then added them later, following scares or accidents. It would be both senseless and outrageously expensive.
The same thing is applicable to the biggest vulnerabilities that we see today, be it in mobile space or web or network. It leads to direct revenue and reputation damage and then companies wonder why they did not think security first before implementing other services.
The only solution is to build in security from the start. It is essential to carry out regular automated and human-assisted tests to track conformance and compliance. This not only saves money but also saves a lot of time, which translates to more money.
SECaaS: The Benefits
Security-as-a-Service offers a number of benefits. The most obvious ones are that it offers a web-interface for in-house administration and management. It allows for constant updates and helps outsource administrative tasks like log management allowing you to save time and money. Using a cloud-based security product also bypasses the need for costly security experts and analysts.
The strength of SECaaS services is that they provide continued protection as databases are constantly being updated to provide up-to-date security coverage. It also alleviates the issue of having separate infrastructures, instead of combining all elements into one manageable system.
But apart from being a great way to save costs and time, SECaaS can offer much greater security expertise than is typically available within an organisation.
And this is what you as a CIO or CTO should pounce upon.
If you’ve never looked at security this way before and don’t really know where to start, try the FREE Appknox Appgrader and find out your app’s basic vulnerability score.