Today’s enterprise network perimeter is arguably bigger and more complex than ever before.
A boom in cloud computing, along with an explosion of the number of endpoints, fueled by more user devices, mobile environments and the increased application of Internet of Things, is upon us. As organisations embrace digital transformation to drive efficiency gains, explore new markets and to drive competitive advantage, more and more touch-points need to be secured.
Managing all of this in house with limited resources is fast becoming unsustainable.
It is little surprise that security leaders are looking for innovative ways to make best use of stretched budgets and resource to actively support the dynamic IT architectures now emerging.
It’s not just about combating cyber threats, it’s also about providing confidence to the board around compliance and the appropriate handling of data.
Three main areas are emerging as issues for security teams and creating the perfect storm – they are cost (making the most of budgets), reducing complexity (making the best use of the resource you have available) and compliance (ensuring data is handled appropriately).
Security-as-a-Service (SECaaS) is emerging as a compelling way to address the issue. Its innovation is the ability to deliver security services via the cloud without the need for costly hardware onsite to manage the network. This model fits particularly well with the cloud computing approaches of Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service. Many cloud providers offer embedded security with these services – although it’s essential to check. This will help focus the requirement and deliverables of SECaaS in each instance.
In many respects, SECaaS shares many of the same objectives as Managed Security Services (MSS) – reducing complexity (by having a trusted partner manage assets), reducing costs (resources and budgets can be used in more focused ways within the enterprise) and compliance (providing insight to critical assets and granular reporting).
The delivery method defines SECaaS so, if security services delivered via the cloud are important, ensure your MSS can support this approach. Even if you don’t want a full SECaaS delivery right now, it’s worth planning for the future.
SECaaS is perhaps not the “silver bullet”. In their purest form, compliance, configuration and policy management are still held within the enterprise, however SECaaS can certainly add value to an in-house security team. By choosing a partner that can assess your needs, then planning, designing and implementing a solution that works for you, is perhaps the best way to harness SECaaS both now and in the future - actively addressing the challenges of cost, complexity and compliance.