Security as a Service is a subset of Software as a Service (SaaS) that lets enterprises host network security and monitoring services in a public or hybrid cloud, instead of placing appliances on premises.
Why use cloud security services?
Security as a Service can have a number of advantages over on-premises network security. One of these benefits is lower cost, since there is no capital expenditure involved and services can be bought on a per-user, subscription basis. Beyond cost, Security as a Service is quick to deploy, requires little maintenance, is scalable and supports mobile users. If cloud providers live up to their service-level agreements (SLAs), these cloud-based security services can be reliable enough to replace some on-premises security tools.
Moving all network security functions to the cloud is a big leap, but there are a few use cases that are a natural fit. They include:
Identity and access management (IAM): Even with identity management services in the cloud, enterprise network administrators can still maintain enough control to create, manage and delete role-based identities, implement passwords and use other biometrics technologies. Administrators who authorize access to the data mitigate risks of digital identity hacks and notify the user or a supervisor about attempted identity theft, just as if the appliance were on-premises.
Intrusion detection and prevention (IDP): With cloud-based intrusion prevention and detection, services administrators get the same kind of network traffic inspection, behavioral analysis and automated or manual intrusion responses as they would with an on-premises system. Cloud-based intrusion prevention services still allow administrators to set and manage policy that governs network access.
Security information and event management (SIEM): Cloud applications lend themselves easily to monitoring and auditing, and these features are key to SIEM. SIEM is accomplished by logging events and security information from traditional security systems (IDP, anti-malware), management systems (Active Directory, IAM) and network systems. Information gathering and management can all be performed from the cloud.
In moving SIEM to the cloud, administrators must be sure that log information meets specific regulatory and compliance requirements and that the provider can guarantee SLAs for performance requirements.
Email security: Appliances that protect email can also be placed in the cloud; however, administrators must be sure that cloud providers meet the same security requirements that would be met on the enterprise premises -- and these can vary. For example, cloud providers must be able to encrypt email at rest and enforce government and industry-specific regulatory compliance.
Prepare for cloud-based security services
More on cloud security services
Finding the right managed security service provider
Cloud-based security services: Benefits and risks
Expert answer: Does IPv6 introduce security problems in multi-tenant clouds?
When implementing cloud-based security services, network professionals must assess the viability of the cloud architecture they're trusting.
In considering a cloud provider, be sure to conduct security assessments and audits of cloud-based systems. This process must include:
- Network and system vulnerability assessments
- Server/workstation/mobile device compliance assessments
- Cloud/hypervisor infrastructure assessments
Combine the results of these assessment types into an overall risk rating to indicate the security posture of an organization.
Enterprises must work with cloud providers to be sure the appropriate encryption is in place to protect against unauthorized access. Network pros must apply encryption to all critical data. At a minimum, enterprises must determine the sensitivity level of data to be protected and check the maturity of encryption tools for data transit.
Security providers must have a backup plan
While enterprises often turn to cloud for backup and disaster recovery, they must also be sure that cloud providers offering cloud security services have a business continuity/disaster recovery plan of their own. These plans must ensure the continued operations of SaaS, Platform as a Service and Infrastructure as a Service.
Demand an SLA that includes a backup and recovery plan, and be sure the agreement covers recovery time objective/recovery point objective (RTO/RPO) as well as performance and bandwidth baseline requirements.
About the author:
Judith M. Myerson is a systems architect and engineer, as well as a freelance writer. Her areas of interest include middleware technologies, enterprisewide systems, database technologies, application development, network management, distributed systems, wireless technologies, robotics, component-based technologies, security, cryptography and project management. She is the editor of the Enterprise Systems Integration Handbook, Second Edition.