Security as a Service, Does It Really Work?

June 2013

The cloud model has brought obvious benefits to the IT ecosystem. Unlike the early days of cloud services when enterprises had been reluctant to consume public cloud services -mostly due to security concerns in relation to the loss of control for in house technology and processes-, the market is now growing exponentially with varied solutions and matured vendor services boosted by evolved set of standards, practices and guidance for service assurance.

De-perimeterisation is one of the major impacts of cloud migration and requires new approaches for security controls. As the data to be secured is now outside the secured corporate perimeter, the complexity of protecting data and the risk of compromise is higher. Security as a Service (SecaaS) is the cloud solution set offering a standardized security framework with centralized resources of technology, processes and expertise. The SecaaS market promotes several benefits of this model however these benefits must be weighted together with the associated risks due to centralization of resources, loss of direct control for technology and possible conflicts and gaps in roles and responsibilities.