Can You Say Security as a Service?

Security as a service is the future of security and it's future is now.

In the old days we used to code a lot. "What's that", you say? It was the day when we tweaked toggles on the front-end of the machine to bootload the system image, or loaded a paper tape to a memory location, loaded a card deck that had been punched at a teletypewriter, and used PDP LA 36 DEC Writers with a modem to type in programs.

We used vi, emacs, notepad, and XEDIT among many other editors. We invented many different assemblers, microcode, Fortran, Basic, Algol, Forth, C, APL, and Java among many other programming languages. And we learned how to manipulate and move data from one state to another, from one repository to another, and developed business workflwo software applications to automation business functions an d then later automate end-to-end business processes. And although we still code a lot today, what we do is changing from writing algorithms to move date, to using algorithms that operate on data to develop more predictive algorithms for interpreting data in this virtuous ML cycle that builds on past breakthroughs in ML.

And therein lies the rub for security. The future of security lies not in more whack-a-mole alternatives - although there are still a few breakthroughs to be made - but in where its code runs. In the old days security code ran on the local network. That's where real men ran security after all. Today it doesn't.  In fact, if security code is running on the local network it means the mediation the security control is implementing is one that cannot easily be scaled, inspected, analyzed, replicated, debugged, updated, modified, upgraded, or replaced.

The future of security code - or Apps in the vernacular of the day - run from the Cloud: and the future is here today. Whether it is antivirus, firewalls, IDS, SIEM, or anything else already on the market: it's all delivered via Cloud Apps today. Market research about the relationship between on-premises -vs- Cloud security service sourcing and use at one time showed a gradual diminution of on-premises security: with both appearing to approach a fifty/fifty asymptote.

But the asymptote between on-premises and Cloud Apps for security has been broken, and the direction the market is taking is to purchase security as a service. We would not be surprised to see a transition to a majority of security "code" or "Apps" running from the Cloud and a minority of it running locally on-premises in the future.

The when of this future is what is intriguing. It took about 25 years for the great overpopulation of on-premises silo security Apps to become the mainstream consumption model. We don't don't believe the transition to Cloud Apps will take anywhere near that long. Our best estimates to date would indicate the longest this will take is about 12 years with an average for mainstream use and adoption of six years or less. This is the time to put-your-seatbelt-on and get ready for the ride.

And the primary drivers of the faster migration to Security as a Service include:

  • A growing security skills imbalance balanced by Security bots from the Cloud
  • Neural network and ML security bringing intelligence from the Cloud
  • Security deceptions and information asymmetries from the Cloud
  • The great business Workload migration to the Cloud
  • A CapEx to OpEx migration as IT becomes service integration and management

What will you do?

  • Sit there and ignore the future?
  • Join the crowd six years from now?
  • Take the initiative to investigate the innovations available today?

My bet is that effectiveness for security goes way up once security as a service is introduced. We're already seeing this at company's where Cloud Apps are being used. And, we see few cases where effectiveness goes down. My argument is effectiveness trumps style and wins the day: the question is, when for you.

Featured Research

2018 Cyber Security Spend Report

The 2018 Cyber Security Spend Report focuses on global spend today through the coming five years. Did you know that global spend on cyber security is: More than $103 billion today Will exceed $130 billion by or before 2022 Today’s top two spend categories account for almost 50 percent of spend by enterprises today. The

Innovative Digital Business Models

Is your company making money using some of the innovative digital business models of the future, today? If not, it is important to understand what some of the new digital business models are, what they are best used for, who should consider using them, why they are important, and when they should be used. Not