Can You Say Security as a Service?

Security as a service is the future of security and it's future is now.

In the old days we used to code a lot. "What's that", you say? It was the day when we tweaked toggles on the front-end of the machine to bootload the system image, or loaded a paper tape to a memory location, loaded a card deck that had been punched at a teletypewriter, and used PDP LA 36 DEC Writers with a modem to type in programs.

We used vi, emacs, notepad, and XEDIT among many other editors. We invented many different assemblers, microcode, Fortran, Basic, Algol, Forth, C, APL, and Java among many other programming languages. And we learned how to manipulate and move data from one state to another, from one repository to another, and developed business workflwo software applications to automation business functions an d then later automate end-to-end business processes. And although we still code a lot today, what we do is changing from writing algorithms to move date, to using algorithms that operate on data to develop more predictive algorithms for interpreting data in this virtuous ML cycle that builds on past breakthroughs in ML.

And therein lies the rub for security. The future of security lies not in more whack-a-mole alternatives - although there are still a few breakthroughs to be made - but in where its code runs. In the old days security code ran on the local network. That's where real men ran security after all. Today it doesn't.  In fact, if security code is running on the local network it means the mediation the security control is implementing is one that cannot easily be scaled, inspected, analyzed, replicated, debugged, updated, modified, upgraded, or replaced.

The future of security code - or Apps in the vernacular of the day - run from the Cloud: and the future is here today. Whether it is antivirus, firewalls, IDS, SIEM, or anything else already on the market: it's all delivered via Cloud Apps today. Market research about the relationship between on-premises -vs- Cloud security service sourcing and use at one time showed a gradual diminution of on-premises security: with both appearing to approach a fifty/fifty asymptote.

But the asymptote between on-premises and Cloud Apps for security has been broken, and the direction the market is taking is to purchase security as a service. We would not be surprised to see a transition to a majority of security "code" or "Apps" running from the Cloud and a minority of it running locally on-premises in the future.

The when of this future is what is intriguing. It took about 25 years for the great overpopulation of on-premises silo security Apps to become the mainstream consumption model. We don't don't believe the transition to Cloud Apps will take anywhere near that long. Our best estimates to date would indicate the longest this will take is about 12 years with an average for mainstream use and adoption of six years or less. This is the time to put-your-seatbelt-on and get ready for the ride.

And the primary drivers of the faster migration to Security as a Service include:

  • A growing security skills imbalance balanced by Security bots from the Cloud
  • Neural network and ML security bringing intelligence from the Cloud
  • Security deceptions and information asymmetries from the Cloud
  • The great business Workload migration to the Cloud
  • A CapEx to OpEx migration as IT becomes service integration and management

What will you do?

  • Sit there and ignore the future?
  • Join the crowd six years from now?
  • Take the initiative to investigate the innovations available today?

My bet is that effectiveness for security goes way up once security as a service is introduced. We're already seeing this at company's where Cloud Apps are being used. And, we see few cases where effectiveness goes down. My argument is effectiveness trumps style and wins the day: the question is, when for you.

Leave a Reply

You must be logged in to post a comment.

Featured Research

Spend on Security

Is your organization underspending on information security? If you’re like most, spending on information security lags far behind other priorities. Only during the past few years has spend on information security started to increase, but it still lags behind. In this Research Report, Wellington summarizes findings from research conducted with thousands of organizations to highlight

The Wizards of Tech

Find out how the unspoken issues of culture, incentives, business strategy, and people impact your life, and the utility of the technology products and services you rely on to operate your business. Download the full report – The Wizards of Tech – today!