Eat in or take away?
Nicolai Solling, Director of Technology Services, help AG, claims that cost isn't really the aspect of SaaS that organisations should be focusing on.
"One of the major misconceptions is that managed services, specifically security-related managed services, is just about cost-savings. In fact, it may not be cheaper than in-house operating environments. However, the benefit of SaaS is that the services can often be operated better than in-house offerings," he says.
"Another thing, which I hope SaaS will deliver on, is taking the cross-organisational attack information and applying this intelligence across the environments they are operating. Once an event in one organisation creates protection for another organisation, then SaaS becomes truly valuable."
Jatin Sahni, Vice President, Large Enterprise and Business Solutions Marketing, du, believes that traditional in-house security has also created its own barriers, which managed security services (MSS) now must overcome — another benefit of switching to a managed model.
"The traditional in-house security has many barriers to overcome. It requires lengthy time to procure, deploy and integrate the security to the business processes. The in-house security cannot keep up with the emerging threat landscape and advanced persistent threats," he says.
"The SaaS provider has state-of-the-art technologies, a skilful team, threat intelligence, agile processes, KPI/SLA driver deliverables and, more importantly, fast response capabilities to security incidents. These capabilities can be easily provided to enterprise with seamless integration of enterprise business processes with a fraction of the cost of total security investment of enterprise."
Concerns in outsourcing
Outsourcing all of an organisation's security leaves it under someone else's control, and its fate is ultimately in someone else's hands, says Osama Al-Zoubi, KSA Country Lead, Senior SE Manager, Cisco, who questions some of the concerns facing SaaS.
"Take, for example, a service provider with 1,000 customers. If they are hacked then everyone is compromised — that's 1,000 customers hacked. So these providers become a far more attractive attacking point," he says.
Natalya Kaspersky, CEO, InfoWatch, points toward more recent security stories to stress the importance of SaaS providers' safety guarantees.
"The main risk is confidential data leakage, and the cost of such leaks is usually very high. To prevent these incidents, companies must encrypt their information. And now as we hear about the scandals with American secret services spying on users' emails, companies should be even more careful about storing their information in the cloud," she says.
"There is also a legal issue regarding the responsibility for the information security in the cloud. Neither SaaS providers, nor their customers, want to take the responsibility. This problem can be solved by attracting insurance companies into the process. As for regulations, they are different from country to country. In some countries, they are strong, but in some they are not."
Sign up for CIO Asia eNewsletters.