The software as a service (SaaS) delivery model has taken hold in various segments of the enterprise software market, most notably in the customer relationship management (CRM) sector. Champions of the SaaS model, like, have proven the viability of an on-demand solution and demonstrated a compelling ROI to customers. With SaaS, companies in the spotlight and with high-bandwidth pipes all but ubiquitous in the corporate environment, it seems logical that the SaaS model would be increasingly prevalent in other segments of the enterprise market, such as security. SaaS-oriented HR, enterprise resource planning (ERP), and CRM vendors have allayed many of the initial concerns of a hosted delivery model including data security and availability, integration and customization, yet for certain software sectors, the SaaS model may take a different evolutionary path. The security market exemplifies a sector in which traditional desktop deployments, hosted applications, outsourced solutions and true multitenant SaaS are manifesting themselves in a variety of combinations to meet the unique needs of clients. 

Competing pressures in the IT services space are providing fertile ground for the growth of security as a service opportunities. As general economic conditions worsen, IT budgets are tightening. Security as a service addresses the heightened demand for best-of-breed security solutions offered in an economical delivery model.


Many of the generic attributes of the SaaS model can be applied to the security space, including lower upfront capital expenditures and a reduction of ongoing maintenance and support costs. There are also a number of specific nuances to the security market that a SaaS delivery model can help address. For example, bandwidth costs for an enterprise can be substantially reduced by the remote removal of worms and viruses (that can consume bandwidth through their scanning activities) and through the elimination of spam email, which accounts for upwards of 90 percent of email traffic. SaaS also allows for reporting and auditing functions to be outsourced and can reduce security and regulatory related storage costs. Switching costs are also negligible, with little to no equipment requirements and minimal changes to network architecture. The benefits of SaaS are enhanced in the small to midsized business (SMB) environment where cost savings and the level of security provided are magnified due to the shared security infrastructure model.


Perhaps the most significant driver of the security as a service model is the rapid speed in which the threat environment changes. New threats emerge on a daily basis, but the cycle to identify the correct risk mitigation product and to integrate the solution into an on-premise security platform can be protracted. Solutions need to be put in place nearly as fast as the threat is identified. Leveraging the most current security technologies in a cost-effective manner without latency is a key merit of the on-demand model. One additional important benefit of a hosted security model is the networked effect: once a threat is detected, everyone benefits instantly.


Despite a market that seems primed for a SaaS revolution, a full security as a service model has been slow to take hold. Commonly cited challenges to adoption include: the use of shared equipment which may limit configuration and policy options; availability; and financial stability of the vendor (given that many providers are relatively new firms). Even the perception of not having on-site security equipment can create a negative bias to the hosted model. While the economics of a hosted security solution are compelling, those dollar savings cannot overcome the potential cost of a security breach. This potential, which could result in irreversible damage to reputation and customer confidence, not to mention sizable dollar costs, appears to be the primary adoption inhibitor. As such, the security as a service landscape appears to be evolutionary, not revolutionary.


From both a client and vendor perspective, security as a service remains in a nascent stage. SaaS security providers have yet to realize healthy profit margins because they are slugging it out with competitors for market share. Clients are moving beyond some of their aversions to a hosted security solution, but in practice solutions tend to be piecemeal. Some of the most visible vendors in the pure-play SaaS security market are still quite small.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access