Security as a Service Insight
1 March 2012
I was sent over a few questions from a journalist the other week, generally interested in what was going on within the Security as a Service market. I thought that this may be of interest to a few people :-
What forms does Security as a Service take?
Security as a service takes many forms. In effect it’s outsourced management of elements of security, now generally mixed in with a range of hosted/cloud services. The range of security services provided is vast and goes down to a granular level, i.e. from simple SPAM filtering of email, through to cloud hosted anti-virus, remote automated vulnerability scanning, managed backups, cloud-based DR and business continuity systems, cloud-based 2-factor authentication systems, plus much more.
The services are either delivered direct from the vendor where the reseller takes a commission, or they are delivered from specialist firms who have the in-house skills capable of building, integrating and managing specialist security services for their customers.
Is this the preferred option for vendors and customers going forward? Why?
It is the preferred route for many vendors as they have to meet the trend and reseller and user demand for cloud/managed services. It’s certainly the case in the SME markets as both the resellers and the end-users often don’t have the skills and/or resources to manage these environments/services correctly.
Paying for security as a service has de-risked many of the decisions that used to float around when choosing a security platform. This has encouraged end-users to consider technologies that would have previously been out of their budget and skill-base.
I’d say that vendors are certainly finding that their products are slightly stickier with the end-user base. In many cases the vendor is selling directly to the user-base as well as through the channel.
What is driving its adoption?
Lower-end resellers are able to sell services to a customer-base without the higher-level skills traditionally required, i.e. server, networking, and general infrastructure. They then take first line support and back-off anything else to the vendor.
Customers can gain services that previously would have been out of reach due to the costs and skills required to build and manage them, i.e. 2-factor authentication and DR solutions. What may have been a £100K project five years ago can now be delivered on a £1000 budget with no CapEx.
Marketing and cloud-hype have certainly helped the cause for Security as a Service. For a long-while many business leaders have been scared of IT due to large IT project failures in the past. Cloud gives them some peace of mind as they aren’t risking the CapEx.
What options and opportunities are there for resellers to get involved e.g. hosted email/anti-virus?
Most vendors now give the resellers a cloud platform or a service provider license agreement that allows them to build their own managed service platform. I think you’ll see the majority of the run-of-the-mill security services, i.e. AV and SPAM filtering delivered by this model, especially within the SME market. Larger organisations will be slower to adopt as they’ll often have internal resource capable of building/managing their own infrastructures. Many larger organisations will pay for Security as a Service but this will come from more specialist reseller/consulting firms who can integrate and manage the services to a much-greater level.
How easy will it be for traditional box and shrink-wrap type partners to sell Security as a Service?
It’s all fairly easy to sell in essence, and in the first instance. The issues come for the reseller in the box/product-shifting space when problems arise on a technical level. Those resellers who just sell product and services, or have low-level technical support people in place will suffer as they have no control and often don’t know how to pin-point issues. We see a fair amount of telecoms and print/copier companies trying to resell what are, in effect, IT Services with no understanding of the ‘bigger-picture’. This tarnishes the whole IT service and cloud market.
IT services are not a commodity. You can package them up as much as you like into a product but the underlying complexities will often remain. You get value in IT through proper analysis, intelligent integration and a genuine understanding of business. I’m forever dismayed by organisations turning up at my door trying to get a service they were contracted with another provider by to work – and it never will. IT is getting more complex, not simpler.