Why Security-as-a-Service is Poised to Take Off

There is a growing shortage of cybersecurity resources — skills, tools and processes — while at the same time the threatscape, both internal and external, is expanding. “Companies are worse off by 100% [with cybersecurity] compared to 10 years ago because the world is more complicated now,” said Gartner analyst Avivah Litan.

Trillions of dollars are at stake, as well as intellectual property and national security considerations. With the evolution to a 24×7, anywhere, anybody/thing (IoT) digital world powered by networks, one in which network reliability and security become more critical than ever, it is time to move to a security as a service (SECaaS) solution.

Adoption of cloud computing — and SECaaS — is skyrocketing. By 2020, 85% of large enterprises will use a cloud access security broker solution for their cloud services, up from less than 5% in 2015. According to a recent survey, 80% of organizations’ IT budgets will be dedicated to cloud computing services within the next 16 months, with security-as-a-service accounting for the second biggest slice of spending (79%), behind only IaaS (Infrastructure-as-a-Service) at 81%. By 2020 the SECaaS market will exceed $8.5 billion, growing at a 22.2% Compound Annual Growth Rate from last year’s $3.12 billion.

It’s easy to understand why SECaaS is gaining momentum. In addition to offering a portfolio of prevention, detection and resolution services — including email encryption, SIEM (security information and event management), IAM (identity and access management), endpoint protection, IDS/IPS, DLP (data loss prevention) and DRaaS (disaster recovery as a service) — that customers can pick and choose from, these services are:

• budget friendly: they are typically charged on a monthly basis (so they can come out of your OpEx instead of CapEx budgets);
• are more easily managed by the XSP — cloud (CSP), managed (MSP) and managed security (MSSP) — especially when a typical security portfolio can consist of 10 or more different vendors’ products and thousands of potential threats on a daily basis;
• more experienced, with more expertise: their only focus is on keeping you secure; and,
• can be more easily kept current — and therefore more effective — with the latest updates.

However, while outsourcing your security is the better choice, it doesn’t mean all your protection concerns will go away. You can offload the responsibility for some or all of your organization’s protection to a growing number of suppliers but you’re still accountable for that protection.

In a recent series of CIO forums that addressed outsourcing security, attendees expressed concerns about responsibility versus accountability, regulatory challenges, the increasing speed of changes impacting all aspects of an organization and the agility required to keep up with those changes, as well as advances in technology and new approaches like network segmentation and micro-segmentation.

With the increasing vulnerability of a perimeter-based approach to cybersecurity, i.e. keeping the bad guys out, companies are looking at alternative strategies, including network segmentation (i.e. zoning and micro-segmentation) and software-defined security (SDS). While not new, network segmentation and micro-segmentation — splitting networks into logical (or physical) subnetworks (segments) — are drawing new attention with the spread of software-defined networking (SDN). Security policies can be tailored for each segment, and minimize the risk of breaches spreading throughout an organization.

Juniper Networks’ approach to cybersecurity is centered on what it calls Software Defined Secure Networks (SDSN), a platform that combines policy, detection, and enforcement with a comprehensive product portfolio that centralizes and automates security. Leveraging cloud economics to find and stop threats faster, it provides end-to-end network visibility that secures the entire network, physical and virtual.

Regardless of your size and protection concerns, adding security as a service to your cybersecurity portfolio is increasingly a question of when, not if. And while it won’t solve all your security issues, or absolve you of responsibility or at least accountability for that protection, it will provide you with greater safety at a lower cost.