Small and midsize companies confront two chronic conditions related to information security: lack of time and a dearth of deep expertise. For many, the answer will be software-as-a-service security
All business leaders have concerns about keeping their organizations secure. Where smaller businesses part company with large enterprises is in how they plan and act to thwart security threats. The acute scarcity of resources chronic to smaller companies narrows available options, forcing business and IT decision makers to prioritize ruthlessly from a host of security strategies and counter measures in search of the highest return on investment.
These small and midsize businesses confront two constant conditions: lack of time and a lack of deep expertise. For many SMBs, the answer is to embrace software as a service (SaaS) for security. "SaaS security is a perfect fit for small and medium businesses whose IT staff, if any, lack the resources to manage security solutions. With SaaS security, the SaaS vendor manages, maintains, and updates the security solution for them, 24/7/365," says Jon Clay, SMB product marketing manager with Trend Micro. "Many of the larger businesses have sufficient resources, a full staff of skilled IT administrators, and infrastructure to focus and monitor their security solution to ensure they are updated and working properly. Small and medium businesses' IT staff rarely have this luxury, and therefore moving to a SaaS security offering allows them to focus on other items and not worry about their security solution."
Trend Micro isn't alone in seeing the potential for SaaS security. McAfee, Symantec, Webroot, and others now offer service-based solutions. One Gartner estimate released at the recent IT Security Summit predicts that by 2018, 85% of security intelligence, 70% of messaging security, and 65% of secure Web gateways will be offered as services.
Dan Woodward, director of marketing for midsize business at Trend Micro, concurs with the Gartner estimates, naming e-mail security and Web gateways as two of the five most common security services that smaller business are adopting via SaaS, along with endpoint security, compliance management, and e-commerce protection.
According to Chris Schin, senior director, product management and business operations for Symantec, components of virtually any solution can be delivered in a SaaS model. "Even something as tied to on-premise as endpoint security can be delivered with policy management, reporting, and alerting served up in the cloud," he says. "Certain solutions do have better affinity for SaaS than others, but there is really no solution that cannot have some aspects delivered through a SaaS solution."
Trend Micro's Woodward emphasizes that every organization can benefit from SaaS, whether it is the only protection, replaces existing protection, or is part of a multilayered approach, yet he does acknowledge several organizational considerations identified by Gartner. These include smaller businesses that do the following:
-
Have a limited set of centralized Internet access points;
-
Have a small percentage of remote workers;
-
Have a high IT head count;
-
Have a proficient server management operational process; or
-
Value granular control over technical solutions.
When evaluating SaaS options, decision makers must weigh different variables. Comparing SaaS with on-premises solutions requires analyzing the total cost of ownership rather than simply purchase and installation costs. In addition, because the quality of service defines the value of SaaS solutions, it's vital for business to review service-level agreements with rigor and carefully vet a vendor's reputation and ability to execute.
The SaaS value proposition is attractive, for security as well as other business applications, and smaller businesses are making the move in growing numbers. According to AMI-Partners, SaaS adoption for midsize business doubled (from 15% to 30%) between 2004 and 2007, with continued growth expected this year; over the same period, small-business SaaS adoption leaped from 10% to 21%.
As more security providers offer SaaS security solutions, smaller businesses will have more choices to address their security needs effectively and affordably, freeing valuable time and resources to focus on growing the business.
