The Newbie’s Guide to Security as a Service (SECaaS)


A Newbie's Guide to SECaaS
There are a few things to look out for when outsourcing security to professionals via Security as a Service.

What is Security as a Service?

When you come across mention of “Security as a Service”, or “SECaaS” for short, people are most likely referring to web-based security solutions that are delivered over the cloud. However, Security as a Service is better defined as a general business model for outsourcing cybersecurity capabilities. Often offered on a pay-per-feature or usage-based pricing, SECaaS security options have been enjoying much popularity thanks to the low cost and technology barrier for adoption.

Economies of Scale

There are an estimated 1 million unfilled security jobs worldwide, according to Cisco. Not only are companies struggling to establish a good team of in-house IT security experts, many simply can’t afford it. However, as with all other “_______ as a Service” models, cost efficiencies can be achieved through subscription-based services as infrastructure and manpower investments are shared, alongside any associated maintenance burden. For IT security newbies out there, cloud-based security eliminates the need for hiring costly analysts to manage security in-house.

This benefits vendors too. By outsourcing security solutions, security vendors and services are also able to maximize utility of their expertise, in serving more customers and environments. Better still, delivering services over the cloud allows them to bring much-needed cybersecurity capabilities beyond traditional or regional markets.

Cloudbric itself is an example of SECaaS that can be deployed as both “Software as a Service” (SaaS) and on-premise solutions.

Importance of SECaaS to the Cloud

cloud-based security

Unlike what you’d expect, small businesses (or SMBs) aren’t the only ones utilizing the cloud. With the advent of big players like Microsoft and Amazon launching their own public cloud platforms like Azure and Amazon Web Services (AWS), enterprises are also moving their data to the cloud and leveraging cloud computing infrastructure to deliver scalable, competitive services to their customers. According to Gartner, SaaS are now considered “mission critical.”

And what is driving this move? Security as a Service.

There is a growing need to establish security assurance in cloud computing environments and the ability to deploy enterprise-grade, cloud-based security helps mitigate some of the risks associated with cloud adoption.

Types of SECaaS Solutions

So let’s get started on the basics — what kinds of Security as a Service options are there out there?

Some of the most common SECaaS offerings in the market include:

  • Web Application Firewall (WAF)
  • Security Information and Event Management (SIEM)
  • Identity Management
  • Encryption

By utilizing SECaaS, businesses can leave all these tasks to be run by experts in each field, and therefore devote resources to other core competencies. However, the question is — do these solutions meet your company’s needs?

What to Look Out For

guideline for cloud security service

#1: Integrated/Interoperable Solutions

Fortunately, because cloud services are often provided on-demand, companies can transition between competing vendors services rather than being constrained to a particular vendor’s proprietary software.

However, it is better if your security vendor can provide multiple services as a package. One might be tempted by the variety of tools available from a multitude of vendors, but you don’t want to end up with a Frankenstein of incompatible solutions resulting in data fragmentation and information gaps that may bring your business to a standstill instead of protecting it.

#2: Lower Total Cost of Ownership (TCO)

Ever subscribed to an amazing service only to find out that the actual cost of utilizing it in any reasonable way adds up to a hefty sum? Preparing a list of features you need will help when comparing price plans.

Imagine you need the following for two websites:

  • WAF for blocking hacking attempts
  • Custom SSL support
  • DDoS Protection

Requiring custom SSL support and DDoS protection can set you back by $19.98/month for Sucuri, or $200/month for Cloudflare.

However, because Sucuri charges per website, it’ll actually be a total of $39.96/month! Traffic-based pricing in this case will make more sense for websites that don’t get a high volume of monthly traffic.

For any number of websites with a total of less than 10GB of monthly traffic, that’s just $29/month when using a service like Cloudbric — or absolutely free for websites going under 4GB/month.

#3: Built-in Reporting

Oftentimes, an overview report on major security happenings can be beneficial for business needs. When outsourcing security to a third party, it’s also good to have possession of complete attack logs in case you need to perform audits.

Look out for solutions with a simple user interface that streamlines information important to users. An intuitive dashboard and downloadable monthly reports are great features to keep security management low-touch.

#4: Reliable Customer Support

The great thing about outsourcing your cybersecurity is that you gain a new source of technical support. Rather than letting security out of your hands, your SECaaS implementation process can be seen as an opportunity to work closely with experts to help you understand and optimize your security.

While cloud services may not be as customized as on-premise options, good technical support can go a long way in helping you tailor settings to your needs and extract maximum value from your SECaaS. In the event that your site experiences any adjustment issues, you should be confident that it’ll be dealt with right away.

Ready to Deploy

“Cloud services” may be a buzzword people throw about alongside impressive growth figures, but those who claim its importance often don’t explain what makes cloud services popular and how to discern if they fit your needs. If you’re a newbie to SECaaS, we hope this guide helps you navigate the various Security as a Service option and weigh their pros and cons.

For more tips on cloud security, check out our other blog post on The Big Three Questions for Cloud Security.


Editor’s Note: This post was originally published in September 2015 and has been updated for relevance and comprehensiveness.