Rohit Kumar, co-Founder, Paladion, finalises the concerns with SaaS providers. "With due credit to all its benefits, SaaS, if not evaluated properly, could have a serious shortcoming; single point of failure (SPOF)," he says.
"This is the responsibility of the vendor providing the SaaS. Unfortunately, not all managed security services (MSS) are created equal. There are instances where even basic software/hardware vendors label themselves as MSS providers hoping to leverage the buzz around the term."
Adapting to the future
Aside from the concerns with SaaS, it does appear as though vendors are making the leap toward products as a service, made available through the cloud, and security isn't going to be the exception.
Taking traditional hardware products and delivering them as a pay-by-use service is no doubt the future market model for vendors, but how does this change the way in which these vendors and their partners approach the market?
"There is a need for transformation of the business model of vendors, to meet the market demand," says Jatin Sahni, du.
"Cloud adoptation is slow in this region, however there is a trend that enterprises and SMEs are moving towards trusted cloud providers who have robust and mature security services and governance processes in place. Vendors or service providers who leverage the security as a differentiator to their core offerings will capture the trust in the market."
Miguel Braojos, VP Sales, SEMEA, SafeNet, believes that taking standard traditional hardware products, which include security encryption, is a tough task for vendors, and lays out areas in which he claims they can improve, moving forward.
"As organisations seek to bring traditional hardware encryption approaches into cloud and virtualised environments, these technologies present security teams with a range of challenges. Most significantly, these solutions take too long to deploy. In virtualised environments, resources and workloads can be frequently and quickly initiated, migrated, and terminated. Traditional hardware-based approaches to encryption simply take too long to implement — making them impractical to employ in these dynamic environments," he explains.
"Exacerbating matters is the fact that encryption in many organisations has been deployed and managed in a disparate, isolated fashion. In traditional data centre environments, this isolated management of encryption breeds inconsistency, security gaps, and inefficiency — those issues only grow more pronounced in cloud and virtualised environments. These are all areas where traditional vendors need to improve."
Dr Tamer Aboualy, CTO, IBM Security Services, points to a more regionally focused element of evolution that vendors must respond to: "In the context of security services, traditional vendors need to focus on understanding the evolving changes in global customer demands, but not forget the criticality of understanding regional requirements. Ongoing investment and innovation is also mandatory. This can come in the form of building within, purchasing, or partnering."
Sign up for CIO Asia eNewsletters.