A few weeks ago, HP rolled out a plethora of new security-as-a-service (SECaaS) offerings for its customers. As enterprises move toward outsourcing a greater chunk of their infrastructure, SECaaS may be a natural extension of the managed services movement that could give companies some much needed peace of mind.

For physical security, companies have been using private contractors for decades, particularly when they have highly valuable assets. In today’s IT world, electronic content and data may be more valuable than physical products. As such, it only makes sense for companies to look for security packages that are easy to implement and comprehensive in their security coverage. In other words, companies like HP are promising to help enterprises “secure the stack” rather than offering piecemeal security for various components.

An Affordable Solution

Rather than licensing software installations for anti-malware, intrusion detection, authentication, and security event management, some organizations would prefer to pay a subscription fee to a security service provider that is then responsible for keeping the services up-to-date and secure. Like other software-as-a-service (SaaS) models, SECaaS is designed to reduce capital expenditures and also function with less on-site manpower.

For example, when a technology manager wants to give employees access to a number of Internet services, all tied to the company’s resources, he can give them a single point of access through a cloud-based sign-on system. Within it, he can also assign access privileges and fine tune user accounts. This type of security simplification is catching on and could become a lucrative industry for companies like HP, Trend Micro, Courion, VeriSign, Panda Software, Symantec, McAfee, and Cisco.

Cloud Security Services

Enterprise cloud-based security services include but are not limited to:

• Identity Access Management – managing authentication and user access privileges
• Applications Threat Analysis – addresses threats to applications over an extended period of time, reducing incidents through a proactive approach
• Data Center Monitoring and Management – comprehensive infrastructure security for the entire data center, including network, power, and hardware
• Data Loss Prevention – identifying risk workloads and auditing cloud-based assets to determine the safest storage and backup of data
• Endpoint Protection – preemptive scanning and neutralizing of spam, viruses, bots, and other malware before it reaches the network
• Critical Systems Protection – protecting virtual machine infrastructures and services against potentially compromising attacks or downtime
• Website Security and SSL Certificates – protection against a wide range of web-based threats, including cross-site scripting (XSS), denial of service (DoS), brute force attacks, and various forms of malware
• Email Encryption and Archiving – securing email and safely storing it in encrypted formats
• Vulnerability Management – scanning for vulnerabilities in the network and software, providing preventative solutions

Peace of Mind in the Cloud

Like other cloud services, SECaaS is primarily managed by the service provider, but in most cases, the provider will give the user control over many of the settings and details of the deployment. For example, a user with an identity access management subscription may be able to use a control panel with user access controls and other settings.

Depending on the services available from SECaaS providers, they may offer cloud-based security services for on-premise applications, platforms, and infrastructure and/or services already hosted from the cloud. Subscription rates will vary, but those who favor cloud services for their cost-saving attributes should find cloud security to be equally competitive to traditional solutions.