SaaS SecureS in uncertain timeS
        Software-as-a-Service Improves Web and
                  Email Security in Tough T...
SaaS Secures in Uncertain Times


      SaaS improves Web and email Security in tough times                   ...
SaaS Secures in Uncertain Times

SaaS Improves Web and Email Security in Tough Times

                    The software-...
SaaS Secures in Uncertain Times

Inside SaaS
Before we look at how SaaS specifically addresses Web and email security c...
SaaS Secures in Uncertain Times

Cutting-Edge Tools and Services
Webroot uses a combination of multiple best-of-breed a...
SaaS Secures in Uncertain Times

SaaS Marks the Next Step in the Journey
In an uncertain economy, businesses of all siz...
SaaS Secures in Uncertain Times

Getting the Most From SaaS
Signing on with a software-as-a-service (SaaS) provider may...
SaaS Secures in Uncertain Times

                  About Webroot
                  Webroot provides industry-leading se...
Upcoming SlideShare
Loading in...5

SaaS SecureS in uncertain timeS


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Transcript of "SaaS SecureS in uncertain timeS"

  1. 1. SaaS SecureS in uncertain timeS Software-as-a-Service Improves Web and Email Security in Tough Times
  2. 2. SaaS Secures in Uncertain Times Contents SaaS improves Web and email Security in tough times . . . . . . . . . . . . . . . . . . . . . . . . . 1 Understanding Today’s Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Inside SaaS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 SaaS and Security: A Natural Fit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Cutting-Edge Tools and Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 SaaS marks the next Step in the Journey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Getting the most From SaaS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 about Webroot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
  3. 3. SaaS Secures in Uncertain Times SaaS Improves Web and Email Security in Tough Times The software-as-a-service model can help you stay ahead of Web and email threats without breaking the bank on infrastructure and management. There are three truisms about a tight economy that every IT manager knows: You have to support more projects with fewer people and tighter budgets; approvals for infrastructure build-outs are scarce; and it’s your job to ensure employee productivity remains high . Spending is going to These may seem like Herculean tasks, especially when you’re dealing with ever-increasing be affected by this threats to your Web and email networks, but IT executives and industry experts say success economic slowdown, so organizations need can be found by moving to a software-as-a-service (SaaS) delivery model . “Spending is to rethink how they going to be affected by this economic slowdown, so organizations need to rethink how manage noncore, they manage noncore, yet critical, tasks such as Web and email security,” says Brian Burke, yet critical, tasks program director for security products at Framingham, Mass .-based research firm IDC . such as Web and Recently, enterprises of all sizes have turned to gateway appliances to block spam, scan for email security. viruses, and perform URL and content filtering . But performing these tasks on the network – Brian Burke, Program Director for can be costly in terms of hardware, software, bandwidth and administration . For instance, Security Products, IDC a boost in spam oftentimes results in the need for additional appliances and licenses, increased email server capacity, expanded storage space, a hike in bandwidth, and dedicated man-hours to deploy and manage these infrastructure build-outs . These expenses are hard to fathom in today’s fiscally challenged environment . “Organizations are definitely experiencing appliance fatigue . The number of boxes they have to manage is overwhelming, and the costs continue to add up,” Burke says . To combat this problem and free up valuable resources, companies are starting to use Web and email security SaaS to handle threats before they hit the network . This approach not only helps to save time and money, but it actually improves protection by defeating today’s highly complex and dynamic threats in the cloud, in real time . Understanding Today’s Vulnerabilities While IT budgets may be shrinking, there is definitely no shortage of attacks IT professionals face in regard to Web and email . Burke says the link between the two is becoming indis- tinguishable, thanks to the use of Web 2 .0 technologies such as social networking, Wikis A lot of email servers and blogs in the workplace . He adds that spam is also on the rise, accounting for more than and appliances are 80% of all enterprise email, and the number one threat to email security is now embedded faltering because URL links within these messages . they can’t keep up with the volume These statistics make it easy to understand how vital a comprehensive Web and email they’re expected security plan is to an organization . In fact, Burke predicts that Web and email security are to handle. so intertwined that in the near future IT teams will address them in a unified manner . – Brian Burke, Program Director for Security Products, IDC Until then, trying to stay on top of these threats on-premise in terms of infrastructure and knowledge is a costly and exhausting endeavor for many enterprises . “A lot of email servers and appliances are faltering because they can’t keep up with the volume they’re expected to handle,” Burke says . And with new viruses and malicious Web sites popping up with abandon, IT organizations have had to be- come security gurus, chasing down signatures piecemeal, pushing out updated policies, and adding to URL blacklists, all while being careful not to hamper user productivity with application downtime and false positives . In addition, many organizations are beholden to data retention laws, so any messages that make their way onto the network — even spam — must be stored for a certain length of time . The result: an incredible waste of storage resources . 1
  4. 4. SaaS Secures in Uncertain Times Inside SaaS Before we look at how SaaS specifically addresses Web and email security challenges such as those discussed above, let’s look at how SaaS is beneficial in general . With SaaS, an application is hosted and delivered over the Internet by a provider, negating the need for on-premise hardware, software or dedicated personnel . Rather than continually paying for hardware, software and maintenance licenses, $100 you pay a fixed price on a per-user basis that provides everything you require, including all support and maintenance . This enables you to dynamically add or $80 subtract users based on your growth, paying only for what you need, when you $60 need it . Also, because SaaS is essentially a subscription, companies can count $40 application usage as an operating expense as opposed to a complicated — and depreciating — capital expenditure . In fact, one esearch firm found that a SaaS $20 solution can reduce the annual application cost per user from $100 to $60 versus $0 a traditional appliance-based solution . Appliance SaaS SaaS also offers companies leverage vs . on-premise solutions because they are based on service-level agreements . This key differentiator means that companies have a contract with the service provider to guarantee optimal performance and reliability . SaaS applications generally offer similar functionality as their on-premise counterparts, but with a distinct benefit . As soon as the provider develops new features, customers can take immediate advantage of them without having to spend time download- ing and testing code to ensure proper network integration . In addition, SaaS is controlled through a team’s Web-based console so IT can easily set and manage company use policies for all users . SaaS and Security: A Natural Fit Where the SaaS model really hits home is with Web and email security because it provides IT teams a way to stop threats before they clog — or take down — the network . All vulnerabilities are dealt with in the cloud . To understand the economic ramifications, consider this real-world example . At Dallas County Community College District (DCCCD) in Mesquite, Texas, the email network supports inbound and outbound messages for more than 65,000 mailboxes . Of the almost 3 million There’s no question messages DCCCD received each day, more than 95% were spam, exposing the district to [Webroot E-Mail worms, bots and other vulnerabilities that threatened the network and user productivity . To Security SaaS] has manage that spam explosion on-premise, DCCCD would have had to add more staff, appli- taken a significant ances, bandwidth and other infrastructure . load off the network in terms of server capac- Instead, DCCCD switched over to Webroot E-Mail Security SaaS, which was “as easy as ity, bandwidth and changing a record in our domain name server to redirect to Webroot,” says Steve Glick, As- storage space. sociate District Director for Information Technology at DCCCD . “There’s no question this has taken a significant load off the network in terms of server capacity, bandwidth and – Steve Glick, Associate Director for storage space .” Information Technology, DCCCD Webroot E-Mail Security SaaS has also alleviated the burden on Glick’s network support specialist, who was tasked with supporting the security appliances and their surrounding infrastructure . Now, instead of having to beef up staff, Glick has been able to redeploy the network support specialist to other, more strategic projects . “Web and email security SaaS are particularly helpful for IT organizations that lack dedicated security personnel,” Burke says . “Because security is their primary focus and they are watching for threats across a broad spectrum, SaaS providers like Webroot are better equipped to detect new vulnerabilities and ensure your on-site and mobile workers are thoroughly protected .” 2
  5. 5. SaaS Secures in Uncertain Times Cutting-Edge Tools and Services Webroot uses a combination of multiple best-of-breed antivirus and anti-spam engines as well as its own anti-spyware tool, Webroot Spy Sweeper®, and an automated threat research system to keep its Webroot Web Security SaaS and Webroot E-Mail Security SaaS services cutting edge . Users are also protected by zero-hour heuristic filters that guard against new and unknown virus variants and keep false positives low . And because traffic is filtered through Webroot data centers, distributed denial-of- service attacks can be neutralized before they reach corporate mail servers . Using the multivendor approach for anti-virus engines also allows Webroot to offer a high-quality, inexpensive SaaS solution without compromising security . Companies can cost-efficiently guarantee that their corporate acceptable usage policies regard- ing Web sites and content are enforced for on-site and remote workers . In fact, Webroot Web Security SaaS can apply proactive notification of company Internet use policy to search engine results, indicating whether a site can be accessed, potentially contains malware, or is blocked . That’s one of the attractions for Adam Edwards, partner at London-based Cumberland Ellis Law Firm LLP who has to ensure that his users are protected from inappropriate content , while complying with the firm’s Internet use policies, best practice and the law . “Email and Because security is Web are at the core of everything we do here, and we have a certain level of paranoia about their primary focus our clients’ privacy and security . We have to make sure that we maintain absolute confidenti- and they are watching ality and properly secure our clients’ data, a part of which includes ensuring that we are not for threats across a attacked or compromised by malicious code via the Web,” Edwards says . broad spectrum, SaaS providers like Webroot Edwards relies on Webroot Web Security SaaS and Webroot E-Mail Security SaaS to ensure are better equipped that preconfigured corporate policies are being adhered to without hampering employee to detect new vulner- productivity . He uses the Web-based console to track and mitigate false positives and to abilities and ensure make sure that employees can access the spam quarantine . But it’s not only policy enforce- your on-site and ment that Edwards enjoys about Webroot Web Security SaaS and Webroot E-Mail Security mobile workers are SaaS . He’s also a fan of the inherent disaster recovery feature, which has saved him the cost thoroughly protected. of installing a more fault-tolerant system on or off-site . – Brian Burke, Program Director for For instance, the law firm recently suffered a Microsoft Exchange Server outage, but users Security Products, IDC were still able to access their email via the Webroot service . “If we had to maintain an off-site mirrored Exchange Server ourselves, it would be a costly technical feat . This way, we always have the previous month’s worth of email at the ready wherever in the world our employees are,” Edwards says . The biggest cost benefit of the Webroot SaaS offerings is the security expertise the company brings to the table at a significantly lower TCO . “From a practical standpoint, there’s no way with only one full-time IT manager supporting 80 users that we can fully master every aspect of security in-house,” Edwards says . “Web and email security require 24/7 attention, and since that is Webroot’s business, they have a much greater chance of recognizing and blocking threats than we ever could .” 3
  6. 6. SaaS Secures in Uncertain Times SaaS Marks the Next Step in the Journey In an uncertain economy, businesses of all sizes are struggling to find new ways to survive. The same is true for information technology teams, which are being forced to reevaluate how they deploy and manage applications across the enterprise. Webroot CEO Peter Watkins recently discussed this difficult environment with Technology Editor Sandra Gittlen and ex- plained how IT teams can cost-effectively tackle one of the most difficult challenges, Web and email security, with software as a service (SaaS). Q: How has application management, particularly in the areas of Web and email security, changed for it in the past few years? A: The bar has constantly been raised for how IT deploys and runs existing applications . There is tremendous pressure to cut costs and drive out redundancies throughout their current systems as well as to find efficiencies in implementing new applications . Many organizations have been burned by applications that were too complex to deploy and manage . Q: How does the economy compound this struggle? A: I’m not sure most IT managers have experienced this type of recessionary climate before and, unfortunately, many are going to be subject to disproportionate cuts in terms of staffing and budget . Companies will be thinking only about what directly brings money in the door — such as new sales applications — and expect other areas to be severely scaled back or delayed . In addition, they will expect what has become the base of services that IT provides, such as email and Web security, to become utilities and be provided at the lowest possible cost . Q: How can software as a service lessen this burden? A: Let’s start with the primary benefit of SaaS — it’s far easier to deploy and manage because there is zero to minimal implementation of hardware and software needed within an organization . This eliminates many of the costs associated with a typical security project . For instance, if you are trying to secure Web and email access at remote sites, you no longer have to send out a staff member to install and manage an appliance or other infrastructure . Also, the length of your deployment will be dramatically shortened because there is nothing to install and no interaction with the network or desktop to worry about . Too often, we hear about IT teams that tried to roll out an on-premise solution only to find it was more complex than they planned, needing more bodies, more time and more money . With SaaS, you can trial the application and see firsthand what the deployment cycle entails . Often-times, you can have your application up and running enterprise-wide within a few hours, freeing your staff and budget for other, more strategic purposes . SaaS solutions in the security space are also far more effective than their on-premise counterparts . With an on-premise solution, customers are stuck with the single antivirus tool and signature recognition software their vendor uses . Conversely, Webroot uses a multivendor approach, including five different antivirus engines, to block malicious code from getting inside your organization . Q: Have you noticed that overall organizations are more accepting of SaaS solutions than they were even a year ago? A: Definitely . It’s skyrocketing in areas such as CRM and payroll . Email security is already well past the early adopter phase and we expect Web security to experience the same growth over the next few months . And while there is still more education that has to be done about SaaS, organizations are starting to realize they don’t want viruses, spam and other threats to come onto their network so they are seeing the value of dealing with those vulnerabilities in the cloud . Q: Who typically holds the decision-making power regarding SaaS within an organization? A: When it comes to email and Web security, that’s clearly the domain of IT . They take the lead and specify what they want, to make sure there are clean pipes to and from the Internet . Q: What changes has the SaaS industry undergone that makes it more appealing to it organizations? A: Before SaaS, there were application service providers that hosted what was essentially on-premise software out of data centers . While they modified the applications to be Web-friendly, they were kludgy . SaaS offerings have been engineered from the ground up to be delivered over the Web . And they also support multi-tenancy — allowing more than one customer on a server — to drive down costs . In addition, these services have been optimized in terms of their Web interface, performance, Internet delivery infrastructure, security and other key areas . In many ways, they offer far better reliability these days than most corporate networks . Q: Do you think organizations will go back to on-premise solutions when we pull out of this economic crisis? A: No, I think we are on a very clear evolutionary path here . Early on, IT was gung ho to buy and deploy software themselves . Then they turned to appliances because they offered an all-in-one solution . Each step has been designed to make application deployment and management simpler . And SaaS is clearly the next step in that journey . I’m confident SaaS will prove from a technical, ease of use and pricing perspective to be a benefit to IT organizations everywhere for the foreseeable future . Sandra Gittlen is a Massachusetts-based technology writer. 4
  7. 7. SaaS Secures in Uncertain Times Getting the Most From SaaS Signing on with a software-as-a-service (SaaS) provider may have you worried that you are giving up control, but that doesn’t have to be the case. Here are some surefire ways to guarantee you stay in the driver’s seat. 1. try before you buy. There’s no better way to understand how SaaS will benefit your environment than seeing results for yourself . While this can be cumbersome with appliances and on-premise solutions, SaaS offerings make evaluating the benefits of Web and email security as easy as redirecting your traffic to an alternate URL or altering your MX record . You can even send production traffic through the SaaS provider’s environment to check real-time latency and the other impacts on the end-user experience . 2. Get it in writing. The most important part of any SaaS offering is the service-level agreement (SLA), which outlines your provider’s guar- antees . You’ll want to make sure that the SLA covers performance, uptime, notification of downtime, and other critical factors as well as the repercussions for failing to meet those guarantees . For instance, your provider should offer 24/7 availability . You’ll also want a false-positive rate for catching viruses that is lower than 1 in 400,000 . To ensure these metrics are being met, have your provider send you regular reports . 3. Know your compliance mandates. When it comes to security, it’s imperative that you understand the guidelines for data protection that your company must follow . For example, do you have requirements that dictate how long you have to retain business records or privacy restrictions regarding customer information? Develop policies that reflect these mandates and then convey them to your SaaS provider . Together you’ll be able to conduct audits that ensure ongoing compliance . 4. Share your SaaS success. It’s easy to measure the success of a SaaS solution . For instance, if your email security solution is stopping 98% of the spam that would otherwise have to be handled by your network, then that’s a tremendous savings in terms of bandwidth and server capacity . Or if your Web security service has blocked hundreds of attempts by employees to visit “bad” sites, then you’ve essentially stopped malware from taking down the network and increased worker productivity . Make sure to share these benefits with corporate executives so they understand the business value of your SaaS decision . 5. enjoy your newfound freedom. With SaaS, you no longer need a dedicated employee to chase down the latest virus signatures, test and deploy patches, or update URL blacklists . All this is handled automatically as part of your service . You also don’t have to spend time purchasing, provisioning and maintaining hardware, software or appliances in-house and at remote locations . This means that you can redeploy staff to more strategic and mission-critical tasks . The Webroot ROI Calculator allows you to estimate total cost savings based on your specific email and Web security solutions. 5
  8. 8. SaaS Secures in Uncertain Times About Webroot Webroot provides industry-leading security solutions for consumers, enterprises and SMBs worldwide . Webroot recently announced two new perimeter security offerings, Webroot E-mail Security SaaS and Webroot Web Security SaaS . A proven software-as-a-service offering, Webroot E-Mail Security SaaS delivers e-mail archiving, encryption, business continuity, anti- spam, anti-virus and anti-phishing capabilities that give companies of all sizes better manageability, better value and better protection . Webroot Web Security SaaS provides web-filtering protection and secures against viruses, spyware and inappropri- ate Web usage, with no hardware or software to maintain and lower total cost of ownership . Service features include access control, content control, threat protection, detailed logging and real-time reporting . Recently voted Best Anti-Malware Solution by SC Magazine readers, Webroot AntiSpyware Corporate Edition and Webroot AntiSpyware Corporate Edition with AntiVirus are comprehensive, centrally managed solutions that aggressively block, detect and eradicate malware on desktops across the network . Webroot products consistently receive top review ratings by respected third–party outlets and have been adopted by millions globally . Available either as branded solutions or on an OEM basis, Webroot products can be found at www .webroot .com and on the shelves of leading retailers worldwide . To find out more visit www .webroot .com or call 1 .800 .870 .8102 . Webroot Software, Inc. – World Headquarters Webroot Ltd. – EMEA Headquarters Webroot Software Pty Ltd. – APAC Headquarters 2560 55th Street Cart Lodge, Squerryes, Goodley Stock Road Level 11, Tower B, 821 Pacific Highway Boulder CO 80301 USA Westerham, Kent TN16 1SL, UK Chatswood NSW 2067 Australia • 800.870.8102 • +44 (0)870 1417 070 • +61 (0)2 8448 8144 • 1.800.029.234 © 2009 All rights reserved . Webroot Software, Inc . Webroot, the Webroot icon, Spy Sweeper and the Webroot tagline are trademarks or registered trademarks of Webroot Software, Inc . in the United States and other countries . All other trademarks are properties of their respective owners . NO WARRANTY . Analysis based on research conducted by Webroot Software, Inc . The information is provided AS-IS and Webroot makes no warranty as to its accuracy or use . Any use of the technical documentation or the information contained herein is at your own risk . Documentation may include technical or other inaccuracies or typographical errors . Webroot reserves the right to make changes without prior notice . Certain data is available upon request . uSa-280109-1.2