Game-changer in the cloud

When total cost of ownership is considered, security as a service delivers a more cost-effective and comprehensive solution.

Read time 4min 40sec

Back in the 1960s, the idea of business applications being centralised and shared among many users as a way to reduce the high costs of computer ownership took root. The concept of the 'service bureau' was born and many of the big names of the day, including IBM, moved quickly to gain a foothold in this emerging business.

Many of the largest organisations in the public and private sectors availed themselves of this service which was popular for almost three decades until the arrival of the Internet in the early 1990s. The Web gave rise to more specialised bureau, now called application service providers (ASPs), which offer a variety of hosting and application management services.

ASPs built the foundation for an extension of their business model, today known as software as a service (SaaS), a software delivery model in which software and associated data are centrally hosted in the cloud by independent software vendors (ISVs) or new-age ASPs.

While SaaS has become a common delivery model for many business applications, it has heralded the arrival of an extensive range of cloud-based services emerging for users to access on demand. These include infrastructure as a service (IaaS), platform as a service (PaaS), and emerging operations such as healthcare-as-a-service and even marketing-as-a-service.

In fact, the SaaS model has spawned the XaaS concept (everything as a service) which is giving companies the ability to customise their computing environments to cater for the experiences they desire, all on demand.

It has also given rise to security as a service (SECaaS), a business model in which a service provider integrates its security services into a customer's corporate infrastructure on a subscription basis. When total cost of ownership is considered, SECaaS delivers a more cost-effective - and comprehensive - solution than most individuals or corporations are able to provide for themselves.

Major progress

Seen as the next step in the evolution of managed security service (MSS), SECaaS is, according to a prominent research group, poised to radically change existing IT security infrastructure landscapes.

In terms of the SECaaS model, security is delivered as a service from the cloud, without requiring on-premises hardware, thus avoiding substantial capital outlays. The security services provided can include authentication, anti-virus, anti-malware/spyware, intrusion detection and security event management, along with many other services which are rapidly gaining traction and acceptance in both private and public enterprises.

Significantly, SECaaS offerings can vary from fine-grained basic services addressing highly specific security needs - such as biometric user authentication - to coarse-grained solutions covering a broad set of security functions.

If the XaaS model has already revolutionised the way organisations approach application purchases and infrastructure management, why is SECaaS expected to be a 'game changer' as far as security is concerned?

One of the reasons is the growing popularity of non-traditional enterprise applications in business. This has opened the doors to devastating, new-generation security risks which now require organisations to spend more time considering the security implications of these 'apps' which are increasingly used by employees who demand a socialised working environment that is progressively blurring the lines between personal-social and business-social apps.

SECaaS will never be a 'one-size-fits-all' solution. It will be tailored to meet the nature of the attacks encountered.

Could SECaaS represent the 'magic bullet' that will resolve the increasingly complex security challenges that revolve around these and other issues in the cloud? There is a school of thought suggesting SECaaS is already in the process of achieving this goal, overshadowing SaaS, IaaS and PaaS in the process.

According to analysts, the market for SECaaS services will grow to $4.2 billion in 2016 with a 23% compound annual growth rate, changing the game when it comes to the provision of intelligent, 'app-centric' cyber security needed to thwart the new breed of cyber criminals.


SECaaS technology will provide security that is flexible and responsive, associated with factors such as the apps in use, their location and user profiles. In this vein, SECaaS will never be a 'one-size-fits-all' solution. It will be tailored to meet the nature of the attacks encountered. The barriers provided by SECaaS will be capable of dealing with the predicted trend towards increasingly large attacks underpinned by evolving, malware-resident 'amplification techniques'.

SECaaS solutions could also be game-changers for the reseller community too, allowing dealers to become host providers and enabling them to provision and manage virtual firewall solutions to help secure their customers' virtualised computing environments. Services will be offered on a per-month rental basis, obviating the need for capital investment by the customer.

We can expect features to include intrusion prevention and detection, application control, content filtering, anti-virus and virtual private network monitoring presented in service packages that can be deployed minutes after the pay-as-you-go pricing is agreed and the deal is signed.

One of the milestones yet to be reached along the road to cloud computing maturity is the broad-scale application of water-tight security on a global scale. SECaaS is poised to achieve this. Will it be seen as the game changer by future cloud generations?

Martin May

Regional director (Africa) of Extreme Networks.

Martin May is the regional director (Africa) of Extreme Networks. The author of the book: “Everything you need to know about networking”, he is a leading authority on infrastructure security using NAC, IDS/IPS and other network-based technologies. With experience gained in Russia, Germany, UK, the US and various parts of Africa, he is directly involved with system design and implementation at enterprise level. His emphasis is on the evolution in network architectures brought about by the concept of cloud computing. May hosts regular workshops assisting South African dealers and resellers to understand the implications, complications, opportunities and international trends surrounding the cloud. A proponent of social networking for business, he is active on Facebook and makes extensive use of YouTube.

Login with