a product can do, or b) better than
what it could do with the product,”
he says.
Indeed, all sorts of SaaS-based
security services have emerged,
including data loss prevention,
encrypted storage, identity
management, messaging and
email security, secure document
and content sharing, Web content
and URL filtering, Web application
firewalls, and vulnerability scanning and assessment. In 2010,
11.5% of the enterprise security
budget went toward outsourcing
and managed security services,
and a slight increase is expected
this year, Penn says.
Hochmuth agrees. In its cloud
security survey, IDC found that
two-thirds of enterprise respon-
dents either already do or plan to
use cloud-based or SaaS services
in security-related areas within
the next one to two years. Web
and messaging security, with
their inherent network nature, are
particularly hot areas for security
SaaS, he says.
Security SaaS either replaces or
complements traditional security
measures, whether protection
requirements are entirely changing
or simply evolving. Either way, IT
must consider a provider’s operational expertise. One way to go
about that, Penn suggests, is to
check out reference accounts. “
Talking to similar customers can be a
proxy for deep analysis of a provider’s architecture,” he says.
Sterling Savings Bank made that
