Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Some security products make more sense delivered as a service than others, according to John Pescatore, who specializes in security and privacy as a vice president and research fellow at Gartner Research. It makes sense, he says, that most e-mail security products are based in the cloud, since e-mail comes to organizations through the Internet and can be filtered before arriving. Denial-of-service attacks, which involve flooding a computer server with dummy requests that make it impossible for it to respond to legitimate traffic, are also good candidates for cloud-based solutions, Pescatore says. In fact, many companies already rely on Internet-service providers to filter their Web traffic remotely.

Other common security products, such as firewalls, which rely on large amounts of bandwidth, make less sense delivered via the cloud. Products that are heavily tied to internal computer processes, such as authentication and access-control software, also work better on-site, Pescatore says. Furthermore, if a product still requires a customer to install some software, Pescatore doesn’t consider it a true security-as-a-service offering.

Paul Judge, chief technology officer of Purewire, an Atlanta-based Web security company, argues that the software-as-a-service approach is especially suited to handling modern Web threats. This, he says, is because users typically use a range of different devices and networks to do business, requiring, he says, “an approach that can always sit between the user and the Web, no matter where the user is.”

While the service approach is perceived as a way to save money, Judge says it can offer unique technical advantages too. It’s possible to analyze threats better from the cloud than from a single appliance installed for a client. For example, some JavaScript attacks require deeper analysis to be detected, and a single device may not have the necessary processing power. By centralizing the task in the cloud, Judge says, his company is able to use specially designed hardware that enables deeper analysis at a higher speed.

1 comment. Share your thoughts »

Credit: Technology Review

Tagged: Computing, Business, security, Web security, software as a service

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me