Another potential downside of using these services is that many of the providers offer simple, fixed/non-negotiable service level agreements (SLAs) and limited liability recovery, Diab says.
Companies looking into security-as-a-service in general or seeking information on best practices can turn to variety of resources. For example, the Cloud Security Alliance's Security as a Service Working Group in October 2012 completed a peer review process and published implementation guidance documents.
The Working Group's Implementation Guidance includes peer-reviewed documentation for each service category, including identity and access management, data loss prevention, Web security, intrusion management, email security, encryption, business continuity and disaster recovery, network security and security assessments.
Given that many of these services are fairly new, it's probably a good idea to look into resources such as these before taking the security-as-a-service plunge.
Sign up for CIO Asia eNewsletters.