Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

After Years Of Struggle, SaaS Security Market Finally Catches Fire

Shifts in economy, threats make SaaS an easier choice, oldest providers say

When it comes to security, software-as-a-service (SaaS) technology is hot. In a report published last month, Infonetics Research projected that despite a horrendous economy, the security SaaS market will grow at a rate of 46 percent annually for the next five years, making it by far the fastest-growing segment of the security services market.

Such explosive growth is a bit of a surprise, given the fact that SaaS security offerings have been around for more than a decade. Why has the market suddenly jumped onto the SaaS bandwagon? To help answer this question, Dark Reading recently interviewed the top executives at two of the oldest SaaS security providers: MessageLabs, which is now a part of Symantec and celebrated its tenth anniversary earlier this month, and ScanSafe, another 10-year-old SaaS provider, which was the first provider to launch a Web-oriented SaaS security offering.

Ten -- even five -- years ago, SaaS was a tough sell, says James Palmer, vice president of SaaS strategy at Symantec and a top executive of the MessageLabs unit. Many enterprises were reluctant to outsource any aspect of security to a third party, and there was serious doubt about whether an outsider could manage an "in-house" function as well as a dedicated IT staff.

"It was a little easier in the email space," Palmer says. "A lot of companies were already using a third party for email services, so it was less of a leap of faith to use a third party for email antivirus services. But it started very slowly."

Roy Tuvey, who co-founded ScanSafe 10 years ago with his brother Eldar, had similar memories. In fact, ScanSafe started out as an email and Internet marketing firm -- a hot business in 1999.

"We had entered into a joint venture with the leading Internet caf vendors around the world," Tuvey recalls. "When users would go into those cafs and use their Webmail accounts, all of that Webmail traffic would get routed by our data center in London, and we would introduce targeted marketing content. People would check their email and find a targeted ad, and that was our revenue stream. That helped us develop the genesis of the technology behind what we do today, which is scanning traffic for viruses and malware."

The early security service providers -- known then as application service providers (ASPs) -- were part of a wave of services that rolled out during the Internet boom, the executives recall. Many of those providers had weak business models and weaker balance sheets, and when the Internet bubble burst, so did they.

"A lot of ASPs went out of business, and that created skepticism in the market," Tuvey says. "There was a perception that a lot of service providers were not reliable or secure. And that made customers slow to adopt."

That situation began to change as the threat began to expand in the early 2000s, and enterprises became regularly bombarded by viruses with names like Code Red, Nimda, and ILoveYou. MessageLabs -- which now holds some 19 patents on anti-malware technology -- began developing services designed to stop or limit the impact of the viruses, which were a terror to clean up after infection.

"We marketed it not as a way to save money or staff, but as a more efficient way to solve the problem," Palmer says.

Later, when Web-borne viruses and other attacks came on the scene, ScanSafe began offering filtering and other security capabilities that went beyond Internet cafes and into larger network environments. Huge Internet service providers, such as AT&T, began offering ScanSafe's services, and users began to become more comfortable with the idea that they could get some of their security capabilities from an outside provider.

"The comfort level has changed because the need has changed," Tuvey says. "Every day, users spend more time on the Internet, and organizations depend on it more. They're dealing with distributed environments and geographies that don't lend themselves to hardware or appliances. Users are more mobile, and the threats are more complex. The confidence level [in SaaS] has shifted."

And how, Infonetics says. In fact, the research firm predicts that SaaS will be the single biggest factor in the rapid growth of the entire managed security services market, which is projected to grow 78 percent in the next five years. "Strong interest in SaaS and broad availability of SaaS offerings from a wide variety of players -- from network providers and security specialist service providers to large content providers and product manufacturers -- drive continued growth in the market," the Infonetics study says.

"We're a long way up the adoption curve now," Palmer says. "In the U.K., about 20 percent of the enterprises are already using some form of SaaS security services, and we see similar adoption in other parts of Europe and Asia. In the U.S., it's a little slower, at about 15 percent. But SaaS is very much the 'in' form factor now." Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20027
PUBLISHED: 2021-06-14
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.
CVE-2021-32684
PUBLISHED: 2021-06-14
magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, an...
CVE-2021-34693
PUBLISHED: 2021-06-14
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
CVE-2021-27887
PUBLISHED: 2021-06-14
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids ...
CVE-2021-27196
PUBLISHED: 2021-06-14
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the...