Security as a service (SECaaS) is a business model in which a large service provider integrates their security services into a corporate infrastructure on a subscription basis more cost effectively than most individuals or corporations can provide on their own, when total cost of ownership is considered. In this scenario, security is delivered as a service from the cloud, without requiring on-premises hardware avoiding substantial capital outlays. These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, and security event management, among others.
Outsourced security licensing and delivery is boasting a multibillion-dollar market. SECaaS provides users with Internet security services providing protection from online threats and attacks such as DDoS that are constantly searching for access points to compromise websites. As the demand and use of cloud computing skyrockets, users are more vulnerable to attacks due to accessing the Internet from new access points. SECaaS serves as a buffer against the most persistent online threats.
SECaaS are typically offered in several forms:
Security as a service offers a number of benefits, including:
SECaas has a number of deficiencies that make it insecure for many applications. Each individual security service request adds at least one across-the-'Net round-trip (not counting installer packages), four opportunities for the hacker to intercept the conversation:
SECaas makes all security handling uniform so that once there is a security breach for one request, security is broken for all requests, the very broadest attack surface there can be. It also multiplies the rewards incentive to a hacker because the value of what can be gained for the effort is dramatically increased. Both these factors are especially tailored to the resources of the nation/state-sponsored hacker.