Some security products make more sense delivered as a service than others, according to John Pescatore, who specializes in security and privacy as a vice president and research fellow at Gartner Research. It makes sense, he says, that most e-mail security products are based in the cloud, since e-mail comes to organizations through the Internet and can be filtered before arriving. Denial-of-service attacks, which involve flooding a computer server with dummy requests that make it impossible for it to respond to legitimate traffic, are also good candidates for cloud-based solutions, Pescatore says. In fact, many companies already rely on Internet-service providers to filter their Web traffic remotely.
Other common security products, such as firewalls, which rely on large amounts of bandwidth, make less sense delivered via the cloud. Products that are heavily tied to internal computer processes, such as authentication and access-control software, also work better on-site, Pescatore says. Furthermore, if a product still requires a customer to install some software, Pescatore doesn’t consider it a true security-as-a-service offering.
Paul Judge, chief technology officer of Purewire, an Atlanta-based Web security company, argues that the software-as-a-service approach is especially suited to handling modern Web threats. This, he says, is because users typically use a range of different devices and networks to do business, requiring, he says, “an approach that can always sit between the user and the Web, no matter where the user is.”