CSA offers guidance for Security as a Service

Security as a Service (SecaaS or SaaS) is a cloud computing model that delivers managed security services over the Internet. SecaaS is based on the Software as a Service (SaaS) model but limited to specialized information security services.

The new report, prepared by the SecaaS Working Group, provides guidance for best practices on “how to evaluate, architect and deploy cloud-based SIEM services to both enterprise and cloud-based networks, infrastructure and applications,” it said.

Numerous security vendors are now leveraging cloud-based models to deliver security solutions, a shift that has occurred for a variety of reasons, including greater economies of scale and streamlined delivery mechanisms. As a result, businesses of all sizes now have to evaluate security solutions that run in a hosted or web-delivered environment rather than on-premises. The CSA maintains that IT managers need to understand the unique nature of cloud-delivered security offerings so that they can evaluate those offerings and determine whether they will meet their needs.
"In many conversations with IT leaders today we discovered a common problem: they need a simple way to understand systems, processes, current policies and procedures and be able to evaluate how the cloud may help them realize lower IT security costs, improve best practices, and perhaps most importantly, communicate that to their management team," said John Howe, COO at the CSA, in a blog post. "After all, a move to the cloud needs to be a strategic one."
To that end, the main thrust of the new research is to simply define what SecaaS means to organizations and provide guidance on how these new practices should be best implemented, according to Jim Reavis, co-founder and executive director for the CSA.