Security as a Service (SECaaS)
Security as a service (SECaaS) is the provisioning of security controls/solutions as a managed service, typically over the internet. With SECaaS, security solutions are no longer delivered/deployed locally, IT administrators no longer have to install virus protection software, spam filtering software, and other security controls on each workstation, server or network, and they no longer need to maintain software up-to-date.
When customers choose SECaaS, they are essentially choosing to relinquish control over their security to a third-party specialist. As a result, the customer’s overall security posture improves because security systems are maintained and administered by security specialists.
SECaaS is typically delivered on the basis of a subscription, which for many companies means replacing the one-time licensing costs of security software with a reoccurring subscription.
The Cloud Security Alliance (CSA) defines the following categories of SECaaS categories:
- Business Continuity and Disaster Recovery (BCDR or BC/DR)
- Continuous Monitoring
- Data Loss Prevention (DLP)
- Email Security
- Identity and Access Management (IAM)
- Intrusion Management
- Network Security
- Security Assessment
- Security Information and Event Management (SIEM)
- Vulnerability Scanning
- Web Security
A security operations center (SOC) provides centralized cybersecurity incident detection, and response capabilities. SOC as a service is an outsourced model where a third party is responsible for managing the SOC on behalf of its customers. The SOC typically resides remotely and gets fed with logs and alerts from security controls that reside on the customers’ premises.
Security as a service enables organizations that do not have the security expertise in-house, or the ability to recruit the required expertise, to license a professionally managed service. It also enables organizations to replace the upfront costs of licensing and deploying security solutions with a reoccurring subscription fee.
The Cloud Security Alliance (CSA) defined the following categories of SECaaS categories:
• Business Continuity and Disaster Recovery (BCDR or BC/DR)
• Continuous Monitoring
• Data Loss Prevention (DLP)
• Email Security
• Identity and Access Management (IAM)
• Intrusion Management
• Network Security
• Security Assessment
• Security Information and Event Management (SIEM)
• Vulnerability Scanning
• Web Security
Cloud security is focused on securing resources and workloads that are deployed on public infrastructure; SECaaS is focused on delivering security solutions as a service to customers.