|
Taking the Services-on-Demand Plung
Whereas Qualys mostly targets large enterprise accounts, Alert Logic's sweet spot is more in midmarket businesses, many of which see the cost of deploying on-premises personnel and solutions as beyond their budget.
The PCI penalties demonstrate how security-as-a-service differs in one respect from business application service offerings like Salesforce.com or NetSuite. While cost analysis shows that hosted CRM, for example, can cost more than on-premises CRM after three or four years, such calculations don't necessarily hold in the security realm for one good reason: The downsides of a big breach are incalculable.
"You can't run a spreadsheet that will tell you how much you might lose because you don't protect your information," says Alert Logic's Smith. One might point to the massive TJX credit card breach as a cautionary tale.
In some cases, SaaS doubters don't want their information residing anywhere in the cloud; the outside-the-firewall aspect still spooks many companies and government agencies.
"These in-the-cloud providers must haul event and security data to a central data center," says Andrew Plato, president of Anitian Enterprise Security, a consulting firm in Beavert...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
on, Ore. "That turns off a lot of customers who do not want their security data commingling with other companies' [data]."
For Paul Simmonds, global information security director for London-based chemical giant ICI, that fear is unwarranted. ICI adopted Qualys' service about five years ago to offload the management of network protection and its associated headaches.
"My data is encrypted with my keys on their database. [Qualys] systems admins can't even access my data," Simmonds says.
Another perk is that security services overlay the customer's existing infrastructure. ICI and other users continue to run their existing desktop security and other software. "Qualys is an addition; we don't have to change the way we're working," Simmonds notes.
For smaller companies, the notion of foreseeable costs also leads them to security services versus on-premises solutions. Incremental subscription payouts aren't large capital expenditures like big up-front purchases of hardware and software for security monitoring.
"Predictability helps for budgeting. You know how much you'll spend annually on hardware, support, service and maintenance. It's almost a no-brainer," says Joey Rappaport, IT manager for Rosetta Resources, an oil and gas company.
|
 |
|
