Organizations that are looking for security features including identity management, encryption and access control -- and at the same time want to take advantage of the cost and flexibility benefits of the cloud -- might check into security-as-a-service offerings available now from several vendors.
In this scenario, security is delivered as a service from the cloud, without requiring on-premises hardware. "The largest benefit to using security as a service is the ability to avoid sometimes substantial capital outlays," says Lawrence Pingree, a research director at Gartner Inc. who covers the security market.
In addition, Pingree says, some of the cloud-based security services provide the flexibility needed to address certain use cases. For example, email filtering services are popular since some mobile device platforms limit the ability for endpoint protection products to run on them.
Other use cases include virus protection, vulnerability management, identity management and single sign-on. Gartner forecasts that cloud security services will grow from $1.9 billion in 2012 to $4.2 billion in 2016, with a compound annual growth rate of 23%.
Here's how three companies have integrated cloud-based security services into their IT infrastructure -- and how they've protected themselves from service outages, data breaches and other risks that come with placing corporate security in the hands of an outside organization.
Email continuity and virus protection
When it comes to protecting a business from malware, cloud services are often "ideal for providing both the centralized distribution and flexibility" that security providers need to distribute information to their customers, Pingree says. It's also a good fit for some customers, because they can rely on vendors to keep malware definitions updated without having to do that themselves.
Sirva Inc., a Westmont, Ill., provider of corporate relocation services, has been using cloud services since 2009. That's when Sirva deployed Symantec Corp.'s Email Continuity cloud service, a standby email failover system that provides virtually uninterrupted access to email in the event of a mail server outage.
Over the next few years Sirva adopted other cloud-based services, including a URL-blocking application from Websense Inc. and a penetration-testing service from WhiteHat Security.
By the end of March, Sirva expects to begin using Microsoft's Office 365 cloud service, which includes security functions such as anti-spam, anti-virus, identity management and email encryption, says Adam Diab, manager of contract and solution delivery at Sirva.
The biggest driver to moving security and other IT functions to a services model is cost reduction, Diab says. Costs of on-premises hardware and software have been mounting, he says. Many of the company's IT vendors were charging Sirva for disaster recovery (DR) services even when the company was not using these services.
They wanted to charge us for a service that did nothing," at least most of the time, Diab says, so Sirva began looking for DR options where it would pay only for services it was actually actively using.
Sign up for CIO Asia eNewsletters.