By John Yeoh, Senior Research Analyst, Global, Cloud Security Alliance
Numerous security vendors are now leveraging cloud-based Security as a Service (SecaaS) models to deliver security solutions. This shift has occurred for a variety of reasons including greater economies of scale and streamlined delivery mechanisms. However, these SecaaS offerings can take many forms causing market confusion and complicating the selection process. Customers are increasingly faced with evaluating security solutions, which do not run on premises, and need a better understanding of these offerings to evaluate the security risks and the shared responsibility over the security of systems for which they are accountable.
In order to improve the perception and reputation of these services, Security as a Service requires a clear definition and direction to ensure it is understood and to improve the adoption across industry sectors. This will lead to greater awareness, understanding and knowledge of SecaaS and its functions.
The CSA SecaaS Working Group is working to address these challenges by working with experienced knowledge leaders and intelligent market research in the industry to align with cloud governance best practices, document use cases, identify standards requirements, and create other innovative research artifacts. The group’s research will allow the intended users to create guidelines for implementing SecaaS offerings, support those looking to purchase SecaaS solutions, and aid those tasked with implementing or auditing them.
Today, at the RSA Conference, the SecaaS Working Group is releasing “Preview of Security as a Service Functional Domain Definitions – Including Continuous Monitoring.”
Continuous Monitoring has been recognized as a new category that the working group has addressed. This overview document is the first in a series of business, technical, and implementation guidance documents for the following security service categories:
- Business Continuity and Disaster Recovery
- Continuous Monitoring
- Data Loss Prevention
- Email Security
- Identity and Access Management (IAM)
- Intrusion Management
- Network Security
- Security Assessments
- Security Information and Event Management
- Vulnerability Scanning
- Web Security
For more information, visit CSA Security as a Service.