Security as a Service
In 2001 a new type of IT security was introduced, known as Security as a Service (also known as SaaS, not to be confused with Software-as-a-Service). This service aims to deliver traditional security applications as an Internet based service.
SaaS works by routing all Internet traffic from a customers (your) network to the SaaS providers data centre, where content filtering services as well as malicious content scanning and removal is completed. These services are able to detect and clean web viruses, spyware, root kits, phishing sites and other nasty exploits, before they have a chance to enter your network perimeter. This whole process also happens in near real time, resulting in no perceived performance impact for the users.
In short, the SaaS provider acts as a “middle man” where all the scanning and cleaning takes place. It is however possible to bypass the SaaS providers network using an “exception list”. This list is normally configured on your Internet gateway device (usually a proxy server or firewall).
SaaS can be delivered for the consumer or enterprise markets, however it is the enterprise that I am particularly interested in. The five points below are what I consider the key advantages of SaaS:
No additional infrastructure required: As this service is delivered via the Internet, your company does not need to deploy any hardware/software on their premise. As a result you can save money and reduce the need for additional resources, as you do not need to purchase, setup or support any additional infrastructure.
Security from experts: Unless your company employ a group of market leading IT security experts, you will likely benefit from outsourcing your IT security to people who are. This means that you will not only take advantage of their expertise and experience, but also their purpose built infrastructure. For example, if you delivered on premise web security you would likely pick a big brand name such as Symantec, McAfee or Kaspersky. This would give you access to one scanning engine which may be adequate, however if you were to use a SaaS provider they would likely have access to all the main security scanning engines. Meaning your traffic would be scanned by Symantec, McAfee and Kaspersky. This type of in-house solution would be very difficult to setup and support, as well as very costly.
Benefit from the security network: It is important to remember that it is not only your Internet traffic that will be passed through the SaaS providers network, which has two key advantages. Firstly the SaaS provider is able to collect a huge quantity of data regarding the nasty websites found on the Internet. This allows them to deliver incredibly accurate and continually improving heuristic engines to scan for potential threats and provide additional protection, which would be impossible for an on premise solution to compete with. Secondly if a new threat is discovered on another customers network the SaaS provider would instantly flag it and automatically protect all other customers in real time, therefore significantly reducing the risk of a “zero day attack”. It is this type of attack that will often impact users of premise based security solutions as they have to wait for a new virus definitions update to be downloaded to all devices.
Instant scaleability: As the service is delivered from “the cloud” it is very easy to either increase or downsize the service based on your company’s needs. For example, if you employ another 1000 people you simply need to inform your provider of the increase in head count (and potentially pay an additional fee), this will then immediately take affect and all 1000 people will instantly be protected. In comparison with a premise based solution, you may require additional hardware which would need to be purchased, configured, installed and tested before you could go live.
Simple rollout: Simular to previous advantage “the cloud” architecture means that the service rollout is as simple as pointing your Internet gateway devices to the SaaS providers network. In some cases this can take no more then a few minutes to complete.
Although I am clearly a big advocate for SaaS and I believe the advantages of the service are truly tangible and will save an enterprise both time and money, it is important to note there are a few disadvantages:
Change to your external IP addresses: As your Internet traffic will now be routed through a third party network before reaching its destination, your externally facing IP address will no longer be used, instead you will see the SaaS providers. This can have some advantages, however if your company relies upon sites that use your IP address for authentication, the SaaS service would cause them to break. Thankfully this issue is resolved relatively easily by adding these web sites to the previously mentioned exclusion list. Unfortunately the process to collect which sites may be impacted can be quite difficult and certainly means that a pilot should be completed before any wide scale implementation.
Shared infrastructure: Although I previously mentioned the advantages of using the shared infrastructure, there is also a disadvantage. Depending on the SaaS providers setup it is possible for other users web browsing habits to impact your own. For example, as users will share an external IP address it means that if someone misbehaves on a major website (such as Google or Amazon) and gets black listed your company will also be blocked. This issue can be resolved if your SaaS provider has an isolated (sand boxed) infrastructure, however not all do so it is important to check this point.
For more information on SaaS be sure to check out some of the providers web sites, such as ScanSafe.