Making Security-as-a-Service work harder for you

David Sandin, product manager of Clavister shows how new approaches to security-as-a-service delivers real benefits to both hosting providers and their customers.

  • Monday, 24th June 2013 Posted 11 years ago in by Phil Alsop

Being able to provision and manage virtual Next-Generation Firewalls as a service for your customers offers many benefits to them: strong network protection, flexible deployment, low or no upfront capital costs, automatic security updates, and easy management and support.


This offers a great opportunity to broaden your service offering, and to upsell existing customers. In TechTarget's 2013 IT Priorities Survey of over 1,700 IT professionals, 19% said they plan to use external security-as-a-service offerings. This is being driven by companies struggling to keep up with the increasing numbers and pace of security threats.


What’s more, it is the smaller businesses that are experiencing the largest increase in breaches: the UK Government’s 2013 security survey found that attacks against firms with fewer than 50 staff had grown by 50% compared with a year ago. In many cases, smaller companies may lack the IT resources and time to keep up with evolving security issues – which in turn makes security-as-a-service (SECaaS) offerings attractive, because much of the time-consuming set-up, management and reporting functions are handled by a partner.


So there’s certainly the market demand for more, hosted security services. But while these are easy and convenient for the customer, they may not be as convenient for you to deliver.


First, offering the service demands upfront investment from you, in purchasing the security gateways and appliances, as well as the overhead of provisioning, managing and updating the appliances on your customers’ behalf. Also, delivering the services effectively can sometimes require in-house, detailed product expertise – which could be a barrier preventing some hosting providers from taking advantage of the SECaaS opportunity.


Services for mutual benefit
So why shouldn’t you, as a hosting provider, also get the same benefits from the Next Generation Firewall SECaaS proposition as your customers? Why shouldn’t vendors be able to offer virtual security appliances, ready-made and provisioned for a hosted service offering, as a service both to their partners and to end-users?


This approach would mean that hosting providers can offer fully managed security and network access control as a service to their customers, with the benefits we mentioned earlier of no upfront capital investment, flexible deployment, easy provisioning and management, and so on.
Crucially, the service provider gets exactly the same benefits as their customer – simply reselling SECaaS at a healthy margin. This enables the partner to achieve profitability on the service from day one, and maximise the use of their existing service delivery and management skills.


Reaping rewards
For hosting providers and end-users alike, this end to end SECaaS model delivers several compelling advantages. It’s fully flexible and scalable: the provider simply establishes the customer’s need, and does not need to worry about delivery issues such as available capacity, ports or performance. Instead, the provider simply requests the appropriate specification from the vendor, who in turn fulfils the requirement through the provider. If the customer needs to expand or shrink their use of the service, the request is again simply passed to the vendor for handling. The customer can perform some of the security management tasks themselves, or the provider can handle these as part of the overall SECaaS package. In either case, neither customer nor partner needs to worry about product issues such as using the latest OS version, or updates: they can simply focus on what’s right for their respective businesses and let the vendor handle the product maintenance and updates.


The security features available can also be chosen according to customers’ needs: standard protections could include firewall, VPN remote access capability, round the clock management and reporting. Additional Next-Generation Firewall features could be available on demand, such as, application control, user identity awareness, anti-virus, intrusion detection and prevention and web content filtering, for more comprehensive security, with these available at an extra cost increment per month. The vendor can also help with defining customers’ security policies with a range of pre-defined policies that can be modified by the partner or customer, while reporting as part of the service helps the customer’s IT teams gain a better understanding of activity on their networks.


In conclusion, traditional SECaaS offerings have been attractive to end-users, but haven’t extended the full range of benefits to the provider. Both providers and customers should be able to benefit from virtual Next-Generation Firewalls with a SECaaS business model. This would give customers easy, flexible “set and forget” security, and partners a healthy recurring revenue stream that immediately generates profit, without demanding upfront capital investment, while enabling them to focus on their core strengths of delivering services. Most importantly, it would let both parties focus on growing their business.