Some technologies are all about performance—the Moore’s Law cycle of "smaller, faster, cheaper", for example. Others address business issues—the way virtualization dissolves physical barriers to server consolidation.
Security as a Service—SaaS—falls squarely in the second camp: it’s a way of delivering security that’s ideal for today’s business practices, and tomorrow’s challenges. SaaS routes all of a business’s inbound and outbound email and Web traffic through a provider’s network of high-performance data centers. The provider scans, tests, and then blocks, quarantines, or forwards the traffic using infrastructure, skills, and processes that few businesses could afford on their own, and does it all outside its clients’ business networks. What is SaaS and why is that so good for business? Let’s see:
SaaS cuts a lot of different costs. Start with capital equipment, the servers and appliances to keep malware and spam off business networks. Then add maintenance, licensing, upgrade, and replacement expenses, plus staff time for round-the-clock management and support (this is security, after all). And don’t forget hidden costs like facilities, power and cooling, advanced training and competitive salaries for internet security specialists. SaaS doesn’t eliminate all of the costs, but reductions are pretty dramatic.
The provider scans, tests, and then blocks, quarantines, or forwards the traffic using infrastructure, skills, and processes that few businesses could afford on their own, and does it all outside its clients’ business networks.
IT Security is complicated—that’s part of what makes it so expensive. Putting it in the care of offsite specialists removes several burdens from the business. Financial planning is easier, because SaaS is a subscription, not a series of capital investments plus a maintenance program. And in most cases, SaaS replaces a multivendor infrastructure with just one relationship to manage. Finally, capacity planning and scalability can be managed easily by the provider, not the business.
Filtering out spam, malicious code, and out-of-compliance Web traffic consumes bandwidth, processor cycles, and storage; keeping signatures and libraries up to date chews through even more. Heuristics to block ‘zero-day’ attacks—new or custom malware that doesn’t have a signature—take a lot of processor power away from the work those systems were purchased for. SaaS takes that work offsite, and puts it on systems that were designed to do it on an industrial scale.
There are a few government agencies and multinational corporations for which IT security is a core competency. But for most businesses it’s an expensive, complicated, unpleasant distraction. SaaS providers’ business models are built on delivering and documenting more effective security at lower cost, and they make the infrastructure, staff, and process investments they need to succeed. Check the metrics on a world-class SaaS provider’s dashboards, reports, and service-level agreements: it’s a rare business that can do better.
Compliance—with industry standards, government regulations, legal discovery obligations, or internal policies—is a business responsibility that can’t be outsourced. But it can and should be simplified, and SaaS is an excellent way to do it. SaaS providers organize and retain logs, prepare reports, and document processes more efficiently than most businesses can, and without the burdens on internal staff. In addition, providers with a global footprint help businesses meet requirements of jurisdictions outside their home country.
Most businesses find keeping up with security a burden—no wonder they’re late to adopt new technologies and practices. Data loss prevention, archiving, and encryption practices at many firms are behind the levels recommended for compliance with Payment Card Industry and other standards, and legal e-Discovery obligations. For SaaS providers, new regulations are opportunities to introduce new services, so they offer businesses a cost-effective way to keep up.
Premise-based internet security is exactly what it says. Business with multiple premises—regional or country branch offices, sales offices, and so on—need to work hard to maintain internet security and compliance consistently across them all. And the de facto "premises" of remote access via smart phones or over third-party networks are difficult to monitor and hard to control. SaaS protects traffic in both directions for all premises and devices, ensuring consistency.
SaaS applies world-class infrastructure, skills, and processes to deliver internet security and performance service levels most businesses can’t afford on their own, while keeping risks, junk, and excess traffic off business networks. But its greatest value is everything businesses can do once they get those resources back.
Look for an SaaS provider who offers the transparency to let you evaluate your protection, and the accountability to stand behind their promises and claims. Of course, we recommend Webroot—an industry pioneer in business-grade SaaS solutions that integrate layered security, data-protection, data management, and policy management in the cloud. Webroot products come with the industry’s best customer support, and we guarantee their performance and availability.