Computerworld -
Organizations that are looking for security features including identity management, encryption and access control -- and at the same time want to take advantage of the cost and flexibility benefits of the cloud -- might check into security-as-a-service offerings available now from several vendors.
In this scenario, security is delivered as a service from the cloud, without requiring on-premises hardware. "The largest benefit to using security as a service is the ability to avoid sometimes substantial capital outlays," says Lawrence Pingree, a research director at Gartner Inc. who covers the security market.
In addition, Pingree says, some of the cloud-based security services provide the flexibility needed to address certain use cases. For example, email filtering services are popular since some mobile device platforms limit the ability for endpoint protection products to run on them.
Computerworld - Organizations that are looking for security features including identity management, encryption and access control -- and at the same time want to take advantage of the cost and flexibility benefits of the cloud -- might check into security-as-a-service offerings available now from several vendors.
In this scenario, security is delivered as a service from the cloud, without requiring on-premises hardware. "The largest benefit to using security as a service is the ability to avoid sometimes substantial capital outlays," says Lawrence Pingree, a research director at Gartner Inc. who covers the security market.
In addition, Pingree says, some of the cloud-based security services provide the flexibility needed to address certain use cases. For example, email filtering services are popular since some mobile device platforms limit the ability for endpoint protection products to run on them.
Some security-as-a-service vendors
A growing number of companies are offering security capabilities as a service. Here's a sampling of cloud-based services available today.
CA Technologies'CA CloudMinder provides a set of identity and access management (IAM) capabilities as hosted cloud services. CloudMinder service infrastructure is hosted and monitored by CA.
Qualys'QualysGuard is an on-demand vulnerability management, policy compliance and asset management system.
Symantec'sSymantec O3 Cloud Identity and Access Control is a cloud-based platform that provides access control, information security and information management. The service enables single sign-on across any Web application.
Other use cases include virus protection, vulnerability management, identity management and single sign-on. Gartner forecasts that cloud security services will grow from $1.9 billion in 2012 to $4.2 billion in 2016, with a compound annual growth rate of 23%.
Here's how three companies have integrated cloud-based security services into their IT infrastructure -- and how they've protected themselves from service outages, data breaches and other risks that come with placing corporate security in the hands of an outside organization.
Email continuity and virus protection
When it comes to protecting a business from malware, cloud services are often "ideal for providing both the centralized distribution and flexibility" that security providers need to distribute information to their customers, Pingree says. It's also a good fit for some customers, because they can rely on vendors to keep malware definitions updated without having to do that themselves.
Sirva Inc., a Westmont, Ill., provider of corporate relocation services, has been using cloud services since 2009. That's when Sirva deployed Symantec Corp.'s Email Continuity cloud service, a standby email failover system that provides virtually uninterrupted access to email in the event of a mail server outage.
With security-as-a-service, Sirva's saved around 25% off the cost of on-premises software, according to Adam Diab, the company's manager of contract and solution delivery.
Over the next few years Sirva adopted other cloud-based services, including a URL-blocking application from Websense Inc. and a penetration-testing service from WhiteHat Security.
By the end of March, Sirva expects to begin using Microsoft's Office 365 cloud service, which includes security functions such as anti-spam, anti-virus, identity management and email encryption, says Adam Diab, manager of contract and solution delivery at Sirva.
The biggest driver to moving security and other IT functions to a services model is cost reduction, Diab says. Costs of on-premises hardware and software have been mounting, he says. Many of the company's IT vendors were charging Sirva for disaster recovery (DR) services even when the company was not using these services.
Small and midsize businesses are moving to the cloud to host their communications capabilities. Learn how enterprise-quality phone benefits, online management, conferencing, auto attendant, and ease of use are built into a system that is half the cost of a PBX.
Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
A Comprehensive Strategy to Leverage Mobile
A successful mobile strategy begins with a common platform for integrating and managing mobile devices and the corporate assets that are stored on...
The App Happy Enterprise
This Computerworld playbook explores key aspects of the enterprise mobile revolution and provides a set of step-by-step directions on how to productively manage...
MFT and FileXpress - An Overview
Business users and applications exchange files on a regular basis. File transfer is a core part of the flow of business activity.
You are previewing premium content. 
Free Insider Guide