A major evolution in cybersecurity has been underway for many years, and continues to gain momentum. This blog’s title is the dead giveaway on what it is: Security-as-a-Service (SECaaS).
In Frost & Sullivan’s research on market trends, we have noted this trend across all cybersecurity technology categories. Vulnerability Management-as-a-Service (VMaaS) is an example of this trend. Back in 2014, VMaaS accounted for 23% of market demand for vulnerability management solutions across all form factors (physical appliances, virtual appliances, licensed software, and VMaaS). Fast forward to 2018, and the percentage increased to 37%.
We predict VMaaS will account for 51% in 2022.
Why is demand for SECaaS outpacing other form factors? My answer to this question is summarized in four reasons:
- OpEx Model – When the idea of the cloud was new, shifting from a capital expense (CapEx) to an operating expense (OpEx) model was often cited. While true to an extent, this “how to pay” for technology masks more nuanced reasons. First, the cost of technology, whether owned or rented, continues to decline. So, moving to cloud services isn’t where the big bang-for-the-buck comes in. The real bang is human capital. Talented humans (i.e., IT practitioners) are still needed to install, configure, maintain, and replace technology; and the cost of humans has only gone in one direction—up. And, frankly, these IT tasks are not competitive differentiators for most organizations. So, the outsourcing of human capital to cloud service providers is where the real economic appeal begins. Second, and where the economic appeal multiples, is the cloud provider spreading the cost of its human capital across its user base, and devoting its existence to reducing the number of humans involved and increasing the productivity of each remaining human. SECaaS providers leverage these favorable economics into their offerings, just as other cloud users do in their businesses.
- Cybersecurity Sprawl — While the previous point is a generic pull to the cloud, each technology offered as a cloud service has a corresponding and unique push. With cybersecurity, that push is sprawl. Essentially the sprawl argument is this: the extra weight of another piece of cybersecurity technology, to address another aspect of cyber risk that previous investments in on-premises technologies are inadequate to address, has reached a tipping point. The added complexity of incrementally more on-premises cybersecurity technologies can actually be counterproductive—overall security readiness and posture stalls; or worse, declines. SECaaS won’t completely eliminate sprawl (there will still be more and different cybersecurity technologies needed); but it does shift the management of the infrastructure that hosts cybersecurity technologies to the more efficient cloud provider. Also, the migration to SECaaS is a pathway for businesses to sunset aging on-premises deployments, and start and scale anew with a SECaaS offering optimally suited to their needs.
- Data – Cybersecurity runs on data, and data powers the engines of artificial intelligence and machine learning that are so integral to advancing cybersecurity’s effectiveness. A cursory review of cloud providers’ initiatives reveals that big data and analytics are core to their growth strategies. Providers of SECaaS offerings have recognized that they can better serve their customers by leveraging the big data and analytics investments of cloud providers rather than creating these foundational building blocks themselves. Also, with more business run in the cloud, more data used in cybersecurity originates from within the cloud. Storing and using data near data’s point of origination is more efficient than transporting data. For SECaaS users that are increasing their cloud footprints, there are efficiency gains from in-the-cloud proximity.
- Cloud-Native Applications (CNA) – SECaaS providers are software development companies. Their long-term existence and competitive advantage depends on being agile and efficient at software development and delivery—that is, incorporating continuous integration and continuous delivery (CI/CD) into their development and delivery practices. Here again, cloud providers are supporting this need by offering CNA, such as containers and serverless functions. Hosted in the cloud, cutting-edge SECaaS providers embrace CNA to drive innovation and differentiation into their offerings.
The market has spoken; SECaaS is increasingly becoming a dominant means for organizations to consume the cybersecurity technologies they need. In my opinion, the reasons why are non-reversing and will grow stronger over time. If your organization has not yet evaluated SECaaS, my advice is it should.
We are native to the cloud, and through the evolution of our technology and market demand, Digital Defense’s Frontline.Cloud platform continues to provide organizations with a robust, yet easy to deploy security solutions that can be trusted to deliver unparalleled results, while lifting the administrative burden associated with premise and hybrid solutions.