Shared computing services have come full circle. What was once known as “time sharing” was necessary due to the high cost of computing. As mini-computers took over, traditional software companies began to offer their applications over the Internet as Application Service Providers. This gave way to Software as a Service, Managed Service Providers, and now Cloud Computing. The names have changed, but the business case has remained constant; a vendor provides management of computers and software so that its customers can focus on their core businesses. For the customer, the result is a lower capital cost, accelerated time to value, and predictable operating expenses.
The model makes sense. If a central organization can manage their specialized software and the required hardware, their customers’ lives are simplified. We’ve seen successful models across markets, including Salesforce.com, DemandWare, NetSuite and Ultimate Software. Security offerings trailed the market, though are catching up; Veracode and Qualys provide cloud security services exclusively.
The argument against using third parties for security has focused around control. Some organizations believe that having the tools reside on premise and operated by full time employees provides the most reliable model. More importantly, they don’t want their security information (often vulnerabilities in unpatched infrastructure or applications) “in the cloud."
In most cases, a stronger argument is to leverage the resources and expertise of a trusted partner/vendor. Security resources are scarce in every organization. Learning to use a security tool properly, whether in configuring it or analyzing the results, requires specialized skills. Recently, this has driven the market for web application penetration testing by scores of security service vendors. A good managed service model will provide 24x7 monitoring and timely alerts. Just as important, it can provide the appropriate contextual and actionable information for internal teams.
If running the software yourself is impractical and outsourcing the responsibility is undesirable, a third model is emerging; on premise hosting of the software/hardware. In this model, the vendor supplies and manages the hardware and software to the application level, while the customer runs the application itself. All management and results remain with the customer, but IT responsibilities remain with the vendor. This "best of both worlds" approach allows organizations with available security bandwidth to manage their own security software without burdening IT with supporting another application. Up front capital expenses are minimized and concerns about third-parties accessing sensitive data are eliminated.
Customer Spotlight: Deploying a Data Protection Program in Less Than 120 Days
Michael Ring, IT Security Architect at Jabil Circuit shares how they deployed Digital Guardian to over 40,000 users in less than 120 days. Watch the webinar on demand now.
Related Articles6 Best Practices SMBs should Adopt to Protect their Data
Small and midsize businesses have emerged as a popular target for cyber criminals. Here are six best practices SMBs should adopt to bolster their data protection efforts.Friday Five: 2/1 Edition
Apple vs. Facebook, Ohio's Data Protection Act, and India's largest bank exposes the data of millions - catch up on some of the week's biggest infosec news with this roundup!New Bill Would Create Federal Data Protection Agency
New legislation, introduced today, would give the agency authority to enforce data practices, launch investigations, and issue subpoenas.