affordable seCUrITy                                  the network can be costly in terms
These statistics make it easy to                                            fer similar functionality as their
understand ...
Glick, associate district director for      redeploy the network support special-       cutting-edge Tools
information tec...
positives low. And because traffic is
filtered through Webroot data cen-         “Because security is their primary focus ...
Qa                                             Watkins: I’m not sure most IT man-
times, you can have your applica-          Q: Who typically holds the decision-mak-   ed what was essentially on-premise
TIps for sUCCess                                       provider send you regular reports.

Getting the most from SaaS
Upcoming SlideShare
Loading in...5

saas secures in Uncertain Times


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

saas secures in Uncertain Times

  1. 1. computerworld eBriefingS SaaS saas secures in Uncertain Times Table of ConTenTs sponsored by SaaS Improves Web and Email Security in Tough Times .................................................................... 2 SaaS Marks the Next Step in the Journey .................. 6 Getting the Most from SaaS ............................................ 8 InsIghTs from CompUTerworld sTraTegIC parTner ConTenT
  2. 2. affordable seCUrITy the network can be costly in terms of hardware, software, bandwidth SaaS Improves web and email and administration. For instance, a boost in spam oftentimes results in the need for additional appliances Security in tough times and licenses, increased email server capacity, expanded storage space, a hike in bandwidth, and dedicated The software-as-a-service model can help you stay man-hours to deploy and manage ahead of Web and email threats without breaking these infrastructure build-outs. These expenses are hard to the bank on infrastructure and management. fathom in today’s fiscally challenged environment. “Organizations are definitely experiencing appliance T by sandra gITTlen here are three truisms fatigue. The number of boxes they about a tight economy have to manage is overwhelming, that every IT manager and the costs continue to add up,” knows: You have to Burke says. support more projects with fewer To combat this problem and free people and tighter budgets; approv- up valuable resources, companies als for infrastructure build-outs are starting to use Web and email are scarce; and it’s your job to security SaaS to handle threats be- ensure employee productivity fore they hit the network. This ap- remains high. proach not only helps to save time These may seem like Herculean and money, but it actually improves tasks, especially when you’re deal- protection by defeating today’s ing with ever-increasing threats to highly complex and dynamic threats your Web and email networks, but in the cloud, in real time. IT executives and industry experts say success can be found by moving Understanding to a software-as-a-service (SaaS) Today’s Vulnerabilities delivery model. While IT budgets may be shrinking, “Spending is going to be affected there is definitely no shortage of at- by this economic slowdown, so tacks IT professionals face in regard organizations need to rethink how to Web and email. Burke says the they manage noncore, yet critical, link between the two is becoming tasks such as Web and email se- indistinguishable, thanks to the use curity,” says Brian Burke, program of Web 2.0 technologies such as so- director for security products at cial networking, Wikis and blogs in Framingham, Mass.-based research the workplace. firm IDC. He adds that spam is also on the Recently, enterprises of all sizes rise, accounting for more than 80% have turned to gateway appliances of all enterprise email, and the num- to block spam, scan for viruses, and ber one threat to email security is perform URL and content filter- now embedded URL links within ing. But performing these tasks on these messages. eBRIEFING • saas seCUres In UnCerTaIn TImes
  3. 3. These statistics make it easy to fer similar functionality as their understand how vital a comprehen- sive Web and email security plan “There’s no ques- on-premise counterparts, but with a distinct benefit. As soon as the is to an organization. In fact, Burke tion [Webroot Email provider develops new features, predicts that Web and email secu- rity are so intertwined that in the Security SaaS] has customers can take immediate advantage of them without having near future IT teams will address them in a unified manner. taken a significant to spend time downloading and testing code to ensure proper net- Until then, trying to stay on top load off the network work integration. of these threats on-premise in terms of infrastructure and knowledge is in terms of server In addition, SaaS is controlled through a team’s Web-based console a costly and exhausting endeavor capacity, bandwidth so IT can easily set and manage for many enterprises. “A lot of email company use policies for all users. servers and appliances are faltering and storage space.” because they can’t keep up with the SaaS and Security: STeVe glick, ASSociATe volume they’re expected to handle,” diSTricT direcTor for A natural fit Burke says. And with new viruses informATion Technology, dcccd Where the SaaS model really hits and malicious Web sites popping home is with Web and email secu- up with abandon, IT organizations software and maintenance licenses, rity because it provides IT teams have had to become security gurus, you pay a fixed price on a per-user a way to stop threats before they chasing down signatures piece- basis that provides everything you clog—or take down—the network. meal, pushing out updated policies, require, including all support and All vulnerabilities are dealt with and adding to URL blacklists, all maintenance. This enables you to in the cloud. while being careful not to hamper dynamically add or subtract users To understand the economic ram- user productivity with application based on your growth, paying only ifications, consider this real-world downtime and false positives. for what you need, when you need example. At Dallas County Commu- In addition, many organizations it. Also, because SaaS is essen- nity College District (DCCCD) in are beholden to data retention tially a subscription, companies Mesquite, Texas, the email network laws, so any messages that make can count application usage as an supports inbound and outbound their way onto the network—even operating expense as opposed to messages for more than 65,000 spam—must be stored for a certain a complicated—and depreciat- mailboxes. Of the almost 3 million length of time. The result: an in- ing—capital expenditure. In fact, messages DCCCD received each credible waste of storage resources. one research firm found that a SaaS day, more than 95% were spam, solution can reduce the annual ap- exposing the district to worms, inside SaaS plication cost per user from $100 to bots and other vulnerabilities that Before we look at how SaaS spe- $60 versus a traditional appliance- threatened the network and user cifically addresses Web and email based solution. productivity. To manage that spam security challenges such as those SaaS also offers companies le- explosion on-premise, DCCCD discussed above, let’s look at how verage vs. on-premise solutions would have had to add more staff, SaaS is beneficial in general. because they are based on service- appliances, bandwidth and other With SaaS, an application is host- level agreements. This key differen- infrastructure. ed and delivered over the Internet tiator means that companies have a Instead, DCCCD switched over by a provider, negating the need for contract with the service provider to Webroot Email Security SaaS, on-premise hardware, software or to guarantee optimal performance which was “as easy as changing a dedicated personnel. Rather than and reliability. record in our domain name server continually paying for hardware, SaaS applications generally of- to redirect to Webroot,” says Steve eBRIEFING • saas seCUres In UnCerTaIn TImes
  4. 4. Glick, associate district director for redeploy the network support special- cutting-edge Tools information technology at DCCCD. ist to other, more strategic projects. and Services “There’s no question this has taken “Web and email security SaaS Webroot uses a combination of a significant load off the network in are particularly helpful for IT org- multiple best-of-breed anti-virus terms of server capacity, bandwidth anizations that lack dedicated secu- and anti-spam engines as well as and storage space.” rity personnel,” Burke says. “Because its own anti-spyware tool, Spy Webroot Email Security SaaS has security is their primary focus and Sweeper, and an automated threat also alleviated the burden on Glick’s they are watching for threats across research system to keep its Web network support specialist, who was a broad spectrum, SaaS providers Security and Email Security ser- tasked with supporting the security like Webroot are better equipped to vices cutting edge. Users are also appliances and their surrounding in- detect new vulnerabilities and ensure protected by zero-hour heuristic fil- frastructure. Now, instead of having your on-site and mobile workers are ters that guard against new and un- to beef up staff, Glick has been able to thoroughly protected.” known virus variants and keep false The Webroot ROI Calculator allows you to estimate total cost savings based on your specific email and Web security solutions. eBRIEFING • saas seCUres In UnCerTaIn TImes
  5. 5. positives low. And because traffic is filtered through Webroot data cen- “Because security is their primary focus and they ters, distributed denial-of-service attacks can be neutralized before are watching for threats across a broad spectrum, they reach corporate mail servers. Using the multivendor approach for SaaS providers like Webroot are better equipped to anti-virus engines also allows Web- detect new vulnerabilities and ensure your on-site root to offer a high-quality, inexpen- sive SaaS solution without compro- and mobile workers are thoroughly protected.” mising security. (See “Getting the BriAn BUrke, Most From SaaS,” page 8.) progrAm direcTor for SecUriTy prodUcTS, idc Companies can cost-efficiently guarantee that their corporate ac- cure our clients’ data, a part of which able to access their email via the ceptable usage policies regarding includes ensuring that we are not at- Webroot service. “If we had to Web sites and content are enforced tacked or compromised by malicious maintain an off-site mirrored Ex- for on-site and remote workers. In code via the web,” Edwards says. change Server ourselves, it would fact, Webroot Web Security SaaS can Edwards relies on Webroot Web be a costly technical feat. This apply proactive notification of com- and Email Security SaaS to ensure way, we always have the previous pany Internet use policy to search that preconfigured corporate poli- month’s worth of email at the ready engine results, indicating whether a cies are being adhered to without wherever in the world our employ- site can be accessed, potentially con- hampering employee productivity. ees are,” Edwards says. tains malware, or is blocked. He uses the Web-based console to The biggest cost benefit of the That’s one of the attractions for track and mitigate false positives Webroot SaaS offerings is the secu- Adam Edwards, partner at London- and to make sure that employees rity expertise the company brings based Cumberland Ellis Law Firm can access the spam quarantine. to the table at a significantly lower LLP, who has to ensure that his users But it’s not only policy enforce- TCO. “From a practical standpoint, are protected from inappropriate ment that Edwards enjoys about there’s no way with only one full- content while complying with the Webroot Web and Email Security time IT manager supporting 80 firm’s Internet use policies, best prac- SaaS. He’s also a fan of the inherent users that we can fully master ev- tice and the law. disaster recovery feature, which ery aspect of security in-house,” “Email and Web are at the core of has saved him the cost of installing Edwards says. “Web and email everything we do here, and we have a more fault-tolerant system on- security require 24/7 attention, and a certain level of paranoia about our or off-site. since that is Webroot’s business, clients’ privacy and security. We have For instance, the law firm recent- they have a much greater chance of to make sure that we maintain abso- ly suffered a Microsoft Exchange recognizing and blocking threats lute confidentiality and properly se- Server outage, but users were still than we ever could.” w Sandra Gittlen is a Massachusetts-based technology writer and former senior editor at Network World. eBRIEFING • saas seCUres In UnCerTaIn TImes
  6. 6. Qa Watkins: I’m not sure most IT man- agers have experienced this type SaaS marks the of recessionary climate before and, unfortunately, many are going to be subject to disproportionate cuts in Next Step in the Journey terms of staffing and budget. Com- panies will be thinking only about what directly brings money in the door—such as new sales applica- tions—and expect other areas to be severely scaled back or delayed. In addition, they will expect I n an uncertain economy, what has become the base of servic- businesses of all sizes are es that IT provides, such as email struggling to find new ways to and Web security, to become utili- survive. The same is true for ties and be provided at the lowest information technology teams, which possible cost. are being forced to reevaluate how they deploy and manage applications Q: how can software as a service lessen across the enterprise. Webroot CEO this burden? Peter Watkins recently discussed this Watkins: Let’s start with the primary difficult environment with Technol- benefit of SaaS—it’s far easier to ogy Editor Sandra Gittlen and ex- deploy and manage because there is plained how IT teams can cost-effec- zero to minimal implementation of tively tackle one of the most difficult hardware and software needed with- challenges, Web and email security, in an organization. This eliminates with software as a service (SaaS). many of the costs associated with a typical security project. For instance, Q: how has application management, if you are trying to secure Web and particularly in the areas of Web and email access at remote sites, you no email security, changed for iT in the past longer have to send out a staff mem- few years? ber to install and manage an appli- Watkins: The bar has constantly ance or other infrastructure. been raised for how IT deploys and Also, the length of your deploy- runs existing applications. There ment will be dramatically shortened is tremendous pressure to cut because there is nothing to install costs and drive out redundancies and no interaction with the net- throughout their current systems as work or desktop to worry about. well as to find efficiencies in imple- Too often, we hear about IT teams menting new applications. Many that tried to roll out an on-premise organizations have been burned by solution only to find it was more applications that were too complex complex than they planned, needing to deploy and manage. more bodies, more time and more money. With SaaS, you can trial the Q: how does the economy compound this application and see firsthand what struggle? the deployment cycle entails. Often- eBRIEFING • saas seCUres In UnCerTaIn TImes
  7. 7. times, you can have your applica- Q: Who typically holds the decision-mak- ed what was essentially on-premise tion up and running enterprisewide ing power regarding SaaS within an software out of data centers. While within a few hours, freeing your organization? they modified the applications to be staff and budget for other, more Watkins: When it comes to email Web-friendly, they were kludgy. SaaS strategic purposes. and Web security, that’s clearly the offerings have been engineered from SaaS solutions in the security domain of IT. They take the lead the ground up to be delivered over space are also far more effective and specify what they want, to the Web. And they also support mul- than their on-premise counter- make sure there are clean pipes to titenancy—allowing more than one parts. With an on-premise solu- and from the Internet. customer on a server—to drive down tion, customers are stuck with the costs. In addition, these services have single anti-virus tool and signature Q: do you find them more reluctant to been optimized in terms of their recognition software their vendor sign on than business leaders? Web interface, performance, Internet uses. Conversely, Webroot uses a Watkins: There are those IT groups delivery infrastructure, security and multivendor approach, including that mistakenly equate SaaS with giv- other key areas. In many ways, they five different anti-virus engines, to ing up control of their environment. offer far better reliability these days block malicious code from getting But what they don’t understand is than most corporate networks. inside your organization. they are gaining far more control because their security will be bet- Q: do you think organizations will go Q: have you noticed that overall organi- ter. For instance, as we clean other back to on-premise solutions when we zations are more accepting of SaaS solu- customers’ Web sites, we can ensure pull out of this economic crisis? tions than they were even a year ago? whatever malware we find never Watkins: No, I think we are on a Watkins: Definitely. It’s skyrocketing lands on your network. That’s some- very clear evolutionary path here. in areas such as CRM and payroll. thing you don’t get with on-premise Early on, IT was gung ho to buy and Email security is already well past the solutions that require you to down- deploy software themselves. Then early adopter phase and we expect load and distribute updates. Threats they turned to appliances because Web security to experience the same these days are too dynamic. By the they offered an all-in-one solution. growth over the next few months. time you send out an updated URL Each step has been designed to And while there is still more blacklist to your in-house boxes, the make application deployment and education that has to be done about Web sites will have disappeared. management simpler. And SaaS is SaaS, organizations are starting clearly the next step in that journey. to realize they don’t want viruses, Q: What changes has the SaaS industry I’m confident SaaS will prove from spam and other threats to come undergone that makes it more appealing a technical, ease of use and pricing onto their network so they are see- to iT organizations? perspective to be a benefit to IT ing the value of dealing with those Watkins: Before SaaS, there were ap- organizations everywhere for the vulnerabilities in the cloud. plication service providers that host- foreseeable future. w eBRIEFING • saas seCUres In UnCerTaIn TImes
  8. 8. TIps for sUCCess provider send you regular reports. Getting the most from SaaS 3. know your compliance mandates. When it comes to security, it’s imperative that you understand the guidelines for data protection that your company must fol- low. For example, do you have require- ments that dictate how long you have to retain business records or privacy re- S igning on with a software- strictions regarding customer informa- as-a-service (SaaS) provider tion? Develop policies that reflect these may have you worried that mandates and then convey them to your you are giving up control, but SaaS provider. Together you’ll be able that doesn’t have to be the case. Here to conduct audits that ensure ongoing are some surefire ways to guarantee you compliance. stay in the driver’s seat. 4. Share your SaaS success. It’s easy to 1. Try before you buy. There’s no better measure the success of a SaaS solution. way to understand how SaaS will bene- For instance, if your email security solu- fit your environment than seeing results tion is stopping 98% of the spam that for yourself. While this can be cumber- would otherwise have to be handled by some with appliances and on-premise your network, then that’s a tremendous solutions, SaaS offerings make evaluat- savings in terms of bandwidth and serv- ing the benefits of Web and email secu- er capacity. Or if your Web security ser- rity as easy as redirecting your traffic vice has blocked hundreds of attempts to an alternate URL or altering your by employees to visit “bad” sites, then MX record. You can even send produc- you’ve essentially stopped malware tion traffic through the SaaS provider’s from taking down the network and in- environment to check real-time latency creased worker productivity. Make sure and the other impacts on the end-user to share these benefits with corporate experience. executives so they understand the busi- ness value of your SaaS decision. 2. get it in writing. The most important part of any SaaS offering is the service- 5. enjoy your newfound freedom. With level agreement (SLA), which outlines SaaS, you no longer need a dedicated your provider’s guarantees. You’ll employee to chase down the latest want to make sure that the SLA covers virus signatures, test and deploy performance, uptime, notification of patches, or update URL blacklists. All downtime, and other critical factors this is handled automatically as part as well as the repercussions for failing of your service. You also don’t have to to meet those guarantees. For instance, spend time purchasing, provisioning your provider should offer 24/7 avail- and maintaining hardware, software or ability. You’ll also want a false-positive appliances in-house and at remote loca- rate for catching viruses that is lower tions. This means that you can redeploy than 1 in 400,000. To ensure these staff to more strategic and mission- metrics are being met, have your critical tasks. w eBRIEFING • saas seCUres In UnCerTaIn TImes