Security As A Service
   HOME

TheInfoList



Click Here for Items Related To - Security As A Service
OR:
Security As A Service on:   [Wikipedia]   [Google]   [Amazon]

Security as a service (SECaaS) is a
business model A business model describes how an organization creates, delivers, and captures value,''Business Model Generation'', Alexander Osterwalder, Yves Pigneur, Alan Smith, and 470 practitioners from 45 countries, self-published, 2010 in economic, soci ...
in which a
service provider A service provider (SP) is an organization that provides services, such as consulting, legal, real estate, communications, storage, and processing services, to other organizations. Although a service provider can be a sub-unit of the organization t ...
integrates their security services into a corporate infrastructure on a subscription basis more cost-effectively than most individuals or corporations can provide on their own when the
total cost of ownership Total cost of ownership (TCO) is a financial estimate intended to help buyers and owners determine the direct and indirect costs of a product or service. It is a management accounting concept that can be used in full cost accounting or even ecolog ...
is considered. SECaaS is inspired by the "
software as a service Software as a service (SaaS ) is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. SaaS is also known as "on-demand software" and Web-based/Web-hosted software. SaaS is con ...
" model as applied to information security type services and does not require on-premises hardware, avoiding substantial capital outlays. These security services often include
authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicatin ...
,
anti-virus Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name. ...
,
anti-malware Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name. ...
/spyware,
intrusion detection An intrusion detection system (IDS; also intrusion prevention system or IPS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically rep ...
, Penetration testing and security event management, among others. Outsourced security licensing and delivery is boasting a multibillion-dollar market. SECaaS provides users with
Internet security Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules ...
services providing protection from online threats and attacks such as
DDoS In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connec ...
that are constantly searching for access points to compromise websites. As the demand and use of
cloud computing Cloud computing is the on-demand availability of computer system resources, especially data storage ( cloud storage) and computing power, without direct active management by the user. Large clouds often have functions distributed over mu ...
skyrockets, users are more vulnerable to attacks due to accessing the Internet from new access points. SECaaS serves as a buffer against the most persistent online threats.


Categories of SECaaS

The
Cloud Security Alliance Cloud Security Alliance (CSA) is a not-for-profit organization with the mission to “promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure ...
(CSA) is an organization that is dedicated to defining and raising awareness of secure cloud computing. In doing so, the CSA has defined the following categories of SECaaS tools and created a series of technical and implementation guidance documents to help businesses implement and understand SECaaS. These categories include: * Business continuity and disaster recovery (BCDR or BC/DR) * Continuous monitoring *
Data loss prevention Data loss prevention (DLP) software detects potential data breaches/data ex-filtration transmissions and prevents them by monitoring, detecting and blocking sensitive data while ''in use'' (endpoint actions), ''in motion'' (network traffic), and ' ...
(DLP) * Email security *
Encryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can de ...
* Identity and access management (IAM) * Intrusion management *
Network security Network security consists of the policies, processes and practices adopted to prevent, detect and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves th ...
* Security assessment * Penetration testing *
Security information and event management Security information and event management (SIEM) is a field within the field of computer security, where software products and services combine security information management (SIM) and security event management (SEM). They provide real-time ana ...
(SIEM) * Vulnerability scanning *
Web security Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules ...


SECaaS models

SECaaS are typically offered in several forms: * Subscription * Payment for utilized services * Freeware, Some features free for additions have to pay: Examples include AWS, nmap.online,
IBM Cloud IBM Cloud, (formerly known as Bluemix) is a set of cloud computing services for business offered by the information technology company IBM. Services As of 2021, IBM Cloud contains more than 170 services including compute, storage, networki ...
* Free of charge: Examples include Cloudbric,
CloudFlare Cloudflare, Inc. is an American content delivery network and DDoS mitigation company, founded in 2009. It primarily acts as a reverse proxy between a website's visitor and the Cloudflare customer's hosting provider. Its headquarters are in Sa ...
, and
Incapsula Imperva Incapsula is an American cloud-based application delivery platform. It uses a global content delivery network to provide web application security, DDoS mitigation, content caching, application delivery, load balancing and failover ser ...
.


Benefits

Security as a service offers a number of benefits, including: *Cost-cutting: SECaaS eases the financial constraints and burdens for online businesses, integrating security services without on-premises hardware or a huge budget. Using a cloud-based security product also bypasses the need for costly security experts and analysts. *Consistent and uniform protection:SECaaS services provide continued protection as databases are constantly being updated to provide up-to-date security coverage. It also alleviates the issue of having separate infrastructures, instead combining all elements in one manageable system. * Constant
virus A virus is a submicroscopic infectious agent that replicates only inside the living cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and archaea. Since Dmitri Ivanovsk ...
definition updates that are not reliant on user compliance * Greater security expertise than is typically available within an organization * Faster user provisioning * Outsourcing of administrative tasks, such as log management, to save time and money and allow an organization to devote more time to its core competencies * A web interface that allows in-house administration of some tasks as well as a view of the security environment and ongoing activities


Challenges

SECaaS has a number of deficiencies that make it insecure for many applications. Each individual security service request adds at least one across-the-'Net round-trip (not counting installer packages), four opportunities for the hacker to intercept the conversation: #At the send connection point going up #At the receive connection point going up #At the sending point for the return; and #At the receiving point for the return. SECaaS makes all security handling uniform so that once there is a security breach for one request, security is broken for all requests, the very broadest
attack surface The attack surface of a software environment is the sum of the different points (for " attack vectors") where an unauthorized user (the "attacker") can try to enter data to or extract data from an environment. Keeping the attack surface as small a ...
there can be. It also multiplies the rewards incentive to a hacker because the value of what can be gained for the effort is dramatically increased. Both these factors are especially tailored to the resources of the nation/state-sponsored hacker. The biggest challenge for the SECaaS market is maintaining a reputation of reliability and superiority to standard non-cloud services. SECaaS as a whole has seemingly become a mainstay in the cloud market. Cloud-based website security doesn't cater to all businesses, and specific requirements must be properly assessed by individual needs. Business who cater to the end consumers cannot afford to keep their data loose and vulnerable to hacker attacks. The heaviest part in SECaaS is educating the businesses. Since
data In the pursuit of knowledge, data (; ) is a collection of discrete Value_(semiotics), values that convey information, describing quantity, qualitative property, quality, fact, statistics, other basic units of meaning, or simply sequences of sy ...
is the biggest asset for the businesses, it is up to CIOs and CTOs to take care of the overall security in the company.


See also

*
Web application security Application security (short AppSec) includes all tasks that introduce a secure software development life cycle to development teams. Its final goal is to improve security practices and, through that, to find, fix and preferably prevent security i ...
*
Managed security service In computing, managed security services (MSS) are network security services that have been outsourced to a service provider. A company providing such a service is a managed security service provider (MSSP) The roots of MSSPs are in the Internet ...
*
Cloud computing Cloud computing is the on-demand availability of computer system resources, especially data storage ( cloud storage) and computing power, without direct active management by the user. Large clouds often have functions distributed over mu ...


References


External links


Security as a Service Working Group
{{Cloud computing As a service Internet security Outsourcing