As the use of cloud technology continues to thunder along, it has given rise to a number of new industries and opportunities for IT teams globally. One example of this is the use of cloud-based security solutions - hosted by a provider and usually sold on a flexible subscription license.
This new generation of security products, known as SECaaS (Security-as-a-Service), is quickly gaining traction among IT leaders keen to adopt cloud-first strategies.
As a result, the SECaaS market today is already estimated to be worth 7.6bn USD and growing. Unsurprisingly, VARs (Value Added Resellers) are keen to explore this brave new world and get an early foot in a space which is likely to dominate IT security strategy for decades to come.
If you are a VAR looking to offer SECaaS solutions or an IT leader interested to see what types of security functions you can outsource to the cloud, it can be tough to get a clear idea of what is available.
To help, we have put together the top four solution types which we think are clear winners for large-scale adoption and best suited to the SECaaS model.
1. CASB (Cloud Access Security Broker)
Perhaps the least well-known of the four we have listed in this blog, CASB refers to a number of solution types which provide centralised authentication and access services for the software and solutions used by the users of a particular organisation.
For example, the users of a typical network might on a daily basis access email, office productivity software, file sharing software, a CRM and maybe an ERP solution. Each of these solutions is hosted in a different place (some on-site and some in the cloud); some might have local authentication and others might have been federated.
To make things a little easier and to ensure that authentication is centrally managed, CASB solutions act as a broker to such software, as their name suggests. The user will be expected to sign into one portal, possibly using MFA (Multi-Factor Authentication) and will then be presented with a portal of all their authorised applications, which they can open and be logged into using single sign-on.
Because of the increased use of cloud solutions in the workplace and the increased use of federated identities through SAML v2-enabled user repositories such as Microsoft Azure, cloud-based CASB solutions are growing in popularity – and of course can be accessed from anywhere.
2. Email Security
Probably one of the original SECaaS solutions, email security solutions are both the most basic level of security applied to a company network, and the most important. It is almost impossible to find a business today which is not highly dependent on the availability of email systems to ensure operational efficiency.
Traditionally, an email security scanning tool, which would filter emails for malicious content, spam and even content which went against company policy, would be placed at the perimeter of the network. DNS and email servers would be configured to use the solution as a gateway through which outbound email would pass last and inbound email would pass first.
It is very common today, probably because of the popularity of Microsoft Office 365, to have email security and email servers hosted in the cloud.
Email clients connect directly to a cloud email server or email is accessed through a web-based interface instead – with the obvious benefit outside of security being that email can be accessed from anywhere that an internet connection is available.
3. Network Device Management
Once upon a time, network devices such as WiFi APs (Access Points), switches and routers were managed either by a centralised hardware/software controller or by software hosted directly on the devices themselves.
Many of today's network devices have moved their controller functionality to the cloud, freeing up rack-space and giving greater power to the management of those devices. For example, network devices commonly include micro-segmentation security features such as firewalls on each WiFi AP – these can be used to scan traffic from wireless devices and have that traffic pattern matched against an engine in the cloud looking for malicious packets.
In order to connect to centralised cloud management services and maintain security, network devices will maintain a secure connection outbound from the network, querying for new instructions or changes to their configuration files.
4. Vulnerability Scanning
Scanning for exploitable vulnerabilities in software and hardware hosted inside of the network is nothing new, and is a requirement for a number of industry standards and regulatory compliance frameworks.
Traditionally, the scanner is hosted on a server or a virtual machine in the form of software which will periodically scan devices in the network for known vulnerabilities present in its database, which is updated as frequently as hourly. The result is a list of problem areas which, if it is to be of any use, will also be listed in order of severity.
SECaaS flavours of vulnerability scanning are no different functionally and still perform regular scans for the purpose of producing actionable reports. However, the scheduling, management and reporting are centralised in the cloud.
An agent or lightweight virtual machine is hosted in the network, awaiting instruction to perform a scan, the results of which it returns to the cloud. Having an on-site element in this case might seem counter to cloud adoption; however, for the purpose of security, it is fundamental, as performing a scan from the cloud would require an unacceptable level of network access between the network and the internet.
Much like the management of network devices, the agent maintains a secure connection out to the cloud, querying periodically for commands to execute.