It is easy to be sucked in by the hype. Take cloud computing; everyone is talking about it as something revolutionary—but haven’t we been here before, asks Dave Abraham, CEO at Signify.
The idea of managed security applications and services are not new and while predictions of 40% growth in the Security as a Service (SaaS) market by the likes of IDC are attracting the attention of the large security product vendors, companies such as mine have been providing hosted security services for many years.
So why the renewed interest? Certainly, while security spending is holding up driven by increased threats and the growing burden of compliance, the current financial crisis is making organisations question how budgets can be reduced without compromising security. IT directors are finding it increasingly difficult to get security spending plans signed off that require significant up front investment.
Suddenly the idea of a pay-as-you go service with minimum installation and deployment costs, fixed monthly usage fees and a service that can be easily scaled up or down depending on demand, sounds an attractive proposition. For end users, a properly hosted or managed service also eliminates the need to employ specialist and costly in-house skills and frees up staff to focus on core business challenges.
While many end user organisations have embraced the emerging SaaS model, outsourcing security in particular can still present a mental barrier and concerns in the boardroom. These barriers and fears are being overcome by a growing number of specialist MSSPs?Managed Security Service Providers that deliver the complex bits of the security jigsaw that require specialist knowledge, infrastructure and support.
MSSPs have to provide the highest levels of security, reliability and control to deliver the essential trust and confidence. It is now possible to put together a complete security solution using a combination of well-proven managed services from different providers. For example, you can take Web and e-mail filtering and e-mail archiving from Webroute or Messagelabs; intrusion detection and vulnerability testing from Qualys and laptop disk encryption from AlertSec.
Good companies provide a secure 24/7 two-factor authentication, fully hosted and managed service that removes the cost and complexity of deploying and managing strong remote access authentication for organisations of all sizes. Every user should be verified and secured using a flexible range of token and tokenless authentication options.
Token or tokenless?
Dedicated and simple hardware tokens such as the popular RSA SecurID Tokens generate a one-time passcode (OTP), typically every 60 seconds and can be used in combination with a secret PIN for secure authentication. Alternatively the OTP can be provided through software tokens for BlackBerries or Windows mobiles, giving users the same level of protection but with the convenience of being delivered through the mobile device. These are both ideal for frequent users who need anytime, anywhere access to corporate applications and resources.
But there has also been considerable interest in OTPs that can be delivered on-demand to a user’s registered mobile phone, PDA or e-mail account by SMS or e-mail. This approach means that the user does not have another device to carry around, but requires an additional request stage. This approach is therefore best suited to occasional users, contractors, part-time staff and those checking email from home.
The reality is that it’s a case of ‘horses for courses’ and the ability to mix both token based and tokenless two-factor authentication hosted services means authentication solutions can be tailored to meet specific customer needs, budgets and working patterns. The service provider runs the service infrastructure and also provides all of the automated, 24×7 policy-based procedures, logistics and support that are essential to keep remote users happy and the customer satisfied and secure.
Today, a new services channel model is emerging; one that accepts the integrator is central to delivering managed services to the mass mid-market. The shift is from traditional system integrators that deliver solutions built from hardware and software products, to service integrators that are able to integrate a complete suite of in-house and third party services and offer end users a complete, fully managed service-based solution.
As a result, many systems integrators such as 2e2, Serco and DataConnect are increasingly becoming service integrators that can concentrate on meeting customer needs while relying on the MSSP to build and deliver reliable and secure, non-stop 24×7 services. There will, of course, always be customers who want to do it for themselves; but companies increasingly see the true benefits of outsourcing specific security functions to specialist providers.
With no immediate end to the lack of credit facing many businesses, managed services, SaaS or Cloud Computing Services?whatever name you want to give them?provide the ideal solution for companies that realise they simply can not afford to compromise on security.