How To Make Hosted Web Security Services Work

Outsourcing Web security functions sounds good on paper, but how do you make hosted services work in your organization? A new Dark Reading report offers some answers
[Excerpted from "Hosted Web Security Services: Block Malware Before Your Border," a new report published today in Dark Reading's Security Services Tech Center.]

If the spread of Web-borne malware and the threat of other Internet attacks has you wondering what to do next, then there is one option you should consider:

Get somebody else to do it for you.

In today's struggling economy, it's no surprise that lower upfront and operational costs are making hosted Web security attractive to resource-strapped organizations. The broad availability of services and advanced features like data loss prevention (DLP) also help differentiate vendors in this market.

The biggest advantage of these services, however, is the ability to stop malware before it ever reaches your corporate network -- a benefit that could save you tens to hundreds of thousands of dollars by avoiding lost productivity, IT labor to clean up malware infection, potential damage to your reputation, and breach notification costs.

If you haven't evaluated hosted Web security services lately, they've evolved greatly from the basic URL filtering model of a few years ago. Today's offerings include advanced features like advanced anti-malware capabilities and vulnerability detection.

Companies are also benefiting from the nature of cloud services in that updates can be applied immediately to all customers and do not require time-consuming efforts to push fixes to individual desktops. Likewise, location does not matter -- users working from home or abroad receive the same protection as those located in the corporate headquarters.

All is not necessarily sunny when outsourcing to a cloud-based Web security service, however. Concerns over privacy, downtime, and latency will impact the decision to move from a traditional security appliance to a software-as-a-service (SaaS) model. Vendors with strong service-level agreements and multiple, secure data centers around the world can help alleviate those concerns, making the transition -- and selection of a service provider -- easier.

Choosing a hosted Web security service provider can be a bit daunting given how many offerings are now available. Providers run the gamut from your typical pure-play pioneer, like ScanSafe, to well-established email security service providers that have complemented their email offerings by adding Web security to the mix.

Vendors of traditional Web security appliances have also entered the SaaS market to stay relevant as more companies seek to outsource security where it makes sense. Last but not least are the big-name security vendors that have purchased Web security SaaS companies, including McAfee (MXLogic), Symantec (MessageLabs), and Barracuda Networks (Purewire).

Just as the origins of Web security service vendors can vary, so can the features. At a minimum, each should provide the following basic functionality. Be aware that the depth and granularity of support for each feature can -- and generally does -- vary among vendors, so be sure to decide which capabilities are most important for your company as you interview providers and narrow down your shortlist.

To read the full list of features you should evaluate in a hosted Web security service -- and to get detailed advice on how to evaluate and engage such services -- please download "Hosted Web Security Services: Block Malware Before Your Border".

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.