SECaaS Will Gain Momentum In 2015

by CXOtoday News Desk    Dec 17, 2014


Security-as-a-service (SECaaS) will be the biggest value-added “service innovation” that service providers will be forced to make in 2015, predicts Indusface, a leading provider of application security solutions for web and mobile applications. With multiple industry experts predicting a 200-300% increase in SMB breach incidents, vendors will have to offer more customizable, flexible and cost-effective solutions, says the company.

In its recently released security predictions for 2015, Indusface emphasized the need for fully managed, integrated security solutions that can effectively monitor and detect online vulnerabilities and defend against them anytime, anywhere. The year 2014 witnessed some of the most notorious security breaches, with major attacks from Heartbleed, Bash, Poodle and Drupal core SQL injection vulnerabilities. Such incidents cannot be handled by just issuing random software patches. They have to be prevented or fixed immediately through a proactive defense mechanism, asserts the company in its report.

“We cannot see how SMBs and large enterprises will be able to protect their web assets without a solid security-as-a-service vendor protecting their perimeters. When thinking about IT as a whole, and security specifically, ‘as-a-service’ models are going to rule the checkbook. It’s difficult to keep updating your security posture, unless you have experts to take care of them,” states Ashish Tandon, Chairman and CEO, Indusface.

According to industry estimates, about 300,000 website owners have not been able to fix Heartbleed even after eight months of the vulnerability being widely reported and fixed. A large number of these websites are possibly owned by SMBs who tend to act only “if” they get attacked. But such an approach may not work any longer. With incidents of security breaches at an all-time high, there is a greater need for security-as-a-service vendors.

Tandon explains, “Using generic security solutions can only help perform periodic checks which are proving insufficient in the present security landscape,” adding that by customizing solutions to provide on-demand scanning, which includes proactive vulnerability assessment, malware monitoring and application audit, companies can ensure better protection for customers.

In an earlier report, Gartner also emphasized security as a service, stating that by 2015, roughly 10% of overall IT security enterprise product capabilities will be delivered in the cloud.

“A significant number of security markets are being impacted by newly emerged delivery models. This is resulting in the growth of cloud-based security services, which are transforming, to different degrees, the way security is supplied and consumed by customers. While cloud-based services’ competitive pricing puts pressure on the market, the cloud is also providing new growth opportunities, as some organizations switch from deploying on-premises products to cloud-based services or cloud-managed products,” said the report.

According to Gartner, more than 30% of security controls deployed to the small or midsize business (SMB) segment will be cloud-based by 2015, as they are looking for more advanced managed security services capabilities such as security analytics, for which they may not have the in-house resources.

According to analyst firm Frost & Sullivan, the shift to security-as-a-service has been driven by a number of factors, including a shortage of qualified IT security staff. According to the analyst firm, security-as-a-service has removed the issue of contractors and lowered maintenance overheads by placing responsibility for delivery and maintenance of the security offering on the cloud services provider. It sees security-as-a-service to be offered in three primary areas such as traditional [security] software, virtual appliances and cloud security.

Security experts assert that CISOs will have to look beyond their current reactive approach to managing security. Organizations need to have proactive security systems with a step-by-step approach that clearly defines “when we get attacked, this is how we will protect ourselves,” be it for DDoS attacks at the application layer or mass data breach attempts using one of the vulnerabilities.