Cloud computing is one of the most important newer developments in the information systems. The widespread popularity of cloud computing has given rise to a new generation of security platforms and providers known as Security-as-a-service, or SECaaS.
Security as a Service(SECaaS) is a business model in which large service providers integrate their security services into a corporate infrastructure on a subscription basis.It involves applications such as anti-virus software delivered over the Internet but the term can also refer to security management provided in-house by an external organization.
In the current cloud environment, the cloud service providers do not generally offer security as a service to their customers. Hence customers need to make their own arrangements for securing their virtual machines that are hosted in the cloud. SecaaS offers a way for enterprises to access security services that are robust, scalable and cost-effective.
Security-as-a-service providers usually function the same way as a SaaS providers: they charge a monthly subscription fee to reduce cost burden for outsourced services. But instead of providing access to a tool or platform, they provide protection for your apps, data, and operations that run in the cloud.
The Cloud Security Alliance (CSA) is an organization that is dedicated to defining and raising awareness of secure cloud computing. The CSA has defined the following categories of SECaaS tools
- Email Security
- Network Security
- Data Loss Prevention
- Security Assessment
- Intrusion Management
- Business Continuity and Disaster Recovery
- Identity and Access Management
- Security Information and Event Management (SIEM)
- Web Security
Vendors providing SECaaS are listed as:
- Panda Security
- White Hat Security
Security as a Sevice provides following benefits for the organization:
- Continuous anti-virus updates: SecaaS services ensure that security software is maintained with the most current virus definition and security updates.
- Cost: contracting a managed security service usually costs less than investing in personnel, software, and hardware.
- Ease of management: A service provider delivers total management of cloud security services, security policies, and general administration. Customizable and scalable services range from anti-virus/malware to outsourced security suite developers.
- These services also allow for around-the-clock monitoring, which is something that most businesses can’t provide, being restricted to the typical working hours that are in place.