Application sprawl and time-consuming in-house deployments rank as the major drivers for software-as-a-service or cloud-based content security tools, according to a new study by Infonetics Research.
The Campbell, Calif.-based research firm interviewed IT decision-makers at 240 U.S. and Canadian organizations, ranging from SMBs to large-scale enterprises in a wide variety of vertical markets.
While the numbers showed that 60 per cent of survey respondents that were planning to roll out a SaaS tool cited strength of security as a chief driver, the story behind the numbers was that most of these companies were combating spyware, adware, and other content-related attacks using a mishmash of anti-virus products, gateway appliances and gateway software.
“It’s an implementation issue,” said Jeff Wilson, a principal analyst for network security at Infonetics Research. “The technology is available for you to do it yourself, but people find that in practice, they aren’t being that effective.”
He added that many companies feel they are losing control over their product spending for content security, because they have to reactively buy products to protect against emerging threats. For an increasingly large number of companies, moving to the cloud for content security is an easy and effective way to deal with this.
“Sure, there are regulatory concerns for some, but for the vast majority of companies, it’s just a huge headache that 99 per cent of e-mail is spam,” he said. “They just don’t want to deal with it anymore and they really don’t care how it gets fixed.”
Wilson added that cloud-based tools are also gaining traction because of their ability to provide improved security for mobile workers.
“Most companies can provide amazing, bullet-proof strength security at their data centres, branch offices and headquarters, but they don’t usually extend that out to everyone, where they are and whatever device they’re using,” he said.
With more IT shops beginning to consider this approach, at least one cloud-focused vendor has started trying to get organizations to look even further into the crystal ball.
Eric Baize, a senior director at RSA’s secure infrastructure group, spoke to ComputerWorld Canada earlier this month. He said that cloud technologies could deliver a unique opportunity to embed “specific security controls,” taking them away from the application layer and putting them directly in the infrastructure.
“The security enforcement of the policy becomes handled by the virtual infrastructure instead of being handled by the application,” he said. “This is a very important technological shift.”
Baize added that security has historically been handled as an afterthought in the evolution of technological infrastructure over the last 20 years, referring to the development of the virtual private network (VPN) to bring encryption to the Internet.
But for Wilson, this message is a flawed one and will be a difficult to sell to the vast majority of IT shops.
“The cloud is no inherently more secure, it just gives companies access to technologies and practices that they haven’t been able to implement on their own for cost or manpower reasons,” Wilson said.
“You could theoretically make your smart phones as safe as all of your other devices, but at what cost and at what resource, that’s the question,” he added.