Security as a Service insight
March 1st, 2012
I was sent over a few questions from a journalist the other week, generally interested in what was going on within the Security as a Service market. I thought that this may be of interest to a few people:
What forms does Security as a Service take?
Security as a service takes many forms. In effect it’s outsourced management of elements of security, now generally mixed in with a range of hosted/cloud services. The range of security services provided is vast and goes down to a granular level, i.e. from simple SPAM filtering of email, through to cloud-hosted anti-virus, remote automated vulnerability scanning, managed backups, cloud-based DR and business continuity systems, cloud-based 2-factor authentication systems, plus much more.
The services are either delivered directly from the vendor where the reseller takes a commission, or they are delivered from specialist firms who have the in-house skills capable of building, integrating and managing specialist security services for their customers.
Will vendors and customers prefer this options going forward? Why?
It is the preferred route for many vendors as they have to meet the trend and reseller and user demand for cloud/managed services. It’s certainly the case in the SME markets as both the resellers and the end-users often don’t have the skills and/or resources to manage these environments/services correctly.
Paying for security as a service has de-risked many of the decisions that used to float around when choosing a security platform. This has encouraged end-users to consider technologies that would have previously been out of their budget and skill-base.
I’d say that vendors are certainly finding that their products are slightly stickier with the end-user base. In many cases, the vendor is selling directly to the user-base as well as through the channel.
What is driving its adoption?
Lower-end resellers are able to sell services to a customer-base without the higher-level skills traditionally required, i.e. server, networking, and general infrastructure. They then take first line support and back-off anything else to the vendor.
Customers can gain services that previously would have been out of reach due to the costs and skills, i.e. 2-factor authentication and DR solutions. A £100K project five years ago can now be delivered on a £1000 budget with no CapEx.
Marketing and cloud-hype have certainly helped the cause for Security as a Service. For a long while, many business leaders have been scared of IT due to previous large IT project failures. Cloud gives them some peace of mind as they aren’t risking the CapEx.
What options and opportunities are there for resellers to get involved?
Most vendors now give the resellers a cloud platform or license agreement that allows them to build their own platform. I think you’ll see the majority of the run-of-the-mill security services, i.e. AV and SPAM filtering delivered by this model, especially within the SME market. Larger organisations will be slower to adopt as they’ll often have internal resource capable of building / managing their own infrastructures. Many larger organisations will pay for Security as a Service but this will come from more specialist reseller/consulting firms who can integrate and manage the services to a much greater level.
How easy will it be for the traditional box and shrink-wrap type partners to sell Security as a Service?
It’s all fairly easy to sell in essence, and in the first instance. The issues come for the reseller in the box/product-shifting space when problems arise on a technical level. Those resellers who just sell product and services, or have low-level technical support will suffer. They will have no control and often don’t know how to pinpoint issues. We see a fair amount of telecoms and print companies trying to resell IT Services without understanding the ‘bigger picture’. This tarnishes the whole IT service and cloud market.
IT services are not a commodity. You can package them up as much as you like into a product but the underlying complexities will often remain. You get value in IT through proper analysis, intelligent integration and a genuine understanding of business. I’m forever dismayed by organisations turning up at my door trying to get a service they were contracted with another provider to work – and it never will. IT is getting more complex, not simpler.
In the press: The future of cloud computing
Originally published on Mail Online. While the ‘cloud’ is not new, it is big business. Providers such as Amazon, Microsoft and Google are spending billions on their cloud infrastructure, and some commentators believe the cloud computing market could be worth more than £312 billion by 2020. Cloud services offer greater flexibility to businesses of all […]
In the press: Energy costs are now the top priority for data centre operators
The change in approach has been swift. “Energy costs are now the number one priority for data centre operators,” says Brian Murray, a strategist for the technology services provider 2e2. “It’s not just about the cost of power – it’s about capacity constraints and security of supply. We are seeing more and more communications providers, […]
In the press: Insurers’ IT security is “inconsistent”
QuoStar CEO Robert Rutherford says that the number of security breaches that have occurred in the last year alone suggests that insurers have been inconsistent in maintaining their IT security levels. His comments come as the British Insurance Brokers Association (BIBA) announce the formation of a cyber committee at their 2016 conference. The aim of which […]