One cannot underestimate the effect that the ongoing skills gap is having on organizations’ digital security strategies. Gartner estimates that the global number of unfilled digital security positions is expected to grow to 1.5 million by 2020. Reflecting this trend, more than 70 percent of organizations feel that hiring skilled infosec personnel became harder between 2017 and 2019.
Organizations know that a robust security workforce is instrumental in identifying vulnerabilities, managing secure configurations and responding to security issues in a timely manner. But they also realize that they need to address their security requirements regardless. In response, an equal percentage of organizations are committed to hiring more people with security expertise as well as turning to more managed services going into the future.
This explains the emergence of Security as a Service (SECaaS).
Putting SECaaS into Perspective
Techopedia defines SECaaS as “a cloud computing model that delivers managed security services over the internet.” It’s like software as a service (SaaS) in that cloud-based provider hosts all IT infrastructure and applications of what they’re offering. Unlike SaaS, however, SECaaS is limited to information security services only.
Organizations who decide to go with an SECaaS provider can reap several benefits. Forcepoint identifies just a few of these:
- Reduced costs and greater agility: Organizations can purchase a subscription tier offered by a SECaaS provider. This model lets organizations change their plans as they grow, as their security needs change and as the threat landscape continues to evolve.
- Latest tools and updates: Speaking of the evolving threat landscape, organizations need all the latest tools to keep up with new attacks. SECaaS plans give organizations access to these new solutions across all of their servers, computers and devices.
- Liberated resources: In the knowledge that a trusted provider is managing their security needs, organizations can allow their IT teams to focus on other matters. Alternatively, they can charge their IT teams to use the visibility granted by a SECaaS solution to manage all security policy and system changes.
The Evolving SECaaS Market
The benefits discussed above aren’t automatic. They materialize only when organizations purchase a SECaaS solution that aligns with their business needs. In its latest Data Breach Investigations Report, for instance, Verizon found that organizations’ interest in security as a service was secondary to their concern about security risk overall in their environments.
SECaaS providers must take these needs into consideration if they are to become trusted advisors of their customers. Towards that end, they must understand that the SECaaS market is not monolithic in structure. Many organizations are already using some form of vulnerability management program, for instance. But as organizations (and their IT environments) continue to grow in size, there’s the risk that these programs will become less effective in remediating known security gaps. Organizations can use a SECaaS platform to ensure that their vulnerability management program seamlessly grows with them, providing robust digital defense at every step along their digital transformation.
SECaaS doesn’t end there; organizations using vulnerability management are still suffering security incidents. That explains why some SECaaS providers are turning to risk management as a means of bringing SIEMs, vulnerability management and managed services together. This new category of SECaaS will help organizations better address risk in their IT environments.
Where Things Go from Here
All of these trends beg several questions for SECaaS providers. How can they seize on existing marketing trends to meet organizations’ security needs? And where should they be directing efforts to meet their customers’ future requirements?
Tim Erlin, VP of product management & strategy at Tripwire, will discuss these and other issues at Infinigate UK’s VSEC Conference 2019. In his session “Digging Deeper: Opportunity and Adversity in the SECaaS Market,” Erlin will specifically dive into the market trends driving SECaaS, discuss how channel partners can take advantage of the SECaaS opportunity and help SECaaS providers forge constructive partnerships with their customers.
Murray Pearce, managing director at Infinigate UK, is excited that Erlin will be clarifying this market trend at the upcoming VSEC Conference:
Research shows the global cost of cybercrime has now reached over $600 billion and with 80% of organizations today suffering from a global shortfall in skilled IT security personnel, the time has never been better to become a provider of Security-as-a-Service. Our VSEC Conference 2019 is a great opportunity for IT security channel partners to discover how they can become leaders in the evolving SECaaS market, irrespective of size, current offering or level of expertise. We look forward to welcoming Tripwire as exclusive Platinum Sponsor of VSEC 2019, and Tim Erlin as our opening keynote speaker!
VSEC Conference 2019 will take place on Tuesday, November 19 at 8 Northumberland Avenue in London, UK. Those interested in attending Erlin’s session and other conference presentations can register for the event here.