Security delivered from the Cloud through a Software-as-a-Service model can act as a supplement to on premise security software and form part of an effective hybrid model. By Prashant L Rao
“Gartner expects the market to grow fast, especially managed security services that are expected to double,” said Baburaj Varma, Technical Head, Trend Micro, India & SAARC.
“Adoption of security services is growing in India. Cloud security is cannibalizing the on-premise market,” felt Rishikesh Kamat, Sr. Product Manager – Infrastructure Management & Managed Security Services, Netmagic Solutions.
“People don’t want the headache of dealing with security themselves so putting it on the Cloud helps do away with that. India is still conservative and mostly an on premise market. Going forward, slowly, it will shift to the Cloud. It’s not that popular in India at this point,” said Mohit Puri, Country Head, WatchGuard, India & SAARC.
What’s popular
The popular security services are endpoint protection, e-mail security and secure Web gateways. Not coincidentally these are usually the most popular solutions from an on premise perspective as well.
According to Netmagic, secure Web gateway and e-mail anti-spam/anti-virus through the Cloud were the most popular security SaaS offerings. “It’s a $25 mn market that’s projected to grow 20% YoY for the next three years,” commented Kamat.
“Across the world, and in India, our most popular SaaS offering is the endpoint solution,” said Murthy from McAfee.
Netmagic offers end user protection (Secure Web gateway), e-mail, availability (DDOS), intrusion detection, security assessment (penetration testing) and IAM. “The first three-four are more popular. Almost every organization needs these services and most of them have deployed these on premise and know the value of the same. The later ones haven’t found adoption on premise in the Indian market,” added Kamat.
Who’s using it
Contrary to popular opinion that the public Cloud will be an SMB play, some vendors felt that large enterprises had been quicker off the bat than SMBs when it comes to consuming security services.“Large enterprise adoption of the public Cloud has been better than that of SMBs. They need a huge IT resource team to manage security software/appliances for multi-location deployments. They would need data centers and manpower to manage the same. Cloud-based security gives the flexibility to these companies to roll out IT security policies in a jiffy. With a central console they gain a holistic view across the enterprise,” said Symantec’s Prakash.
Still others argued that SMBs were indeed the target market for security services although enterprises would also adopt them in time. “The target market is SMBs. You will see enterprises start to adopt these services in the coming years through managed security service providers. India is still picking up when it comes to the Cloud,” said Trend Micro’s Varma. Talking of the value proposition for various categories of organizations, he said, “SMBs find the OPEX model to be an attractive one. From a service provider’s perspective, it can reach out to tier 2-3 cities as location becomes irrelevant with the Cloud. The need exists in enterprises but they have global policies and licenses of on-premise software that have already been purchased. Despite that, there is interest even in the enterprise segment.”
Then there’s the hybrid model which combines the benefits of on premise software with Cloud-based security delivery. “As enterprises grow, the number of remote workers that they have also grows. They have security policies for people working on campus but the policies aren’t necessarily applied to road warriors. We offer a hybrid solution for the large enterprise. For people who come in to work, they can use an ePolicy Orchestrator (ePO)-based solution. For people who connect remotely, with SaaS, so long as those machines are connected to the Net, the policies and protection get updated right away. We created a plugin between ePO and our SaaS management console where all of this information can be consolidated into one view,” said McAfee’s Murthy.
Real-time protection
“It’s all about faster protection as the updation occurs in real time. No provider can update the signatures fast enough to deliver it to each and every endpoint worldwide in real time. By keeping the signatures in the Cloud, the endpoint solutions refer to that. The threats are blocked at the source before they reach the customer. In the case of spam, you are saving a lot of bandwidth. The customer doesn’t need to worry about CPU requirements for filtering out spam and malware,” commented Varma, Trend Micro.
WatchGuard’s Puri said that the RoI was going to be better as the TCO of Cloud security was lower.
“Today you have third party data centers and SaaS. At the same time, road warriors, customers and partners all have access to an enterprise’s apps. The organizational perimeter is virtual and omnipresent. With on premise solutions, it becomes difficult to figure out where to put the controls. The Cloud, however, is omnipresent and can protect the virtual organizational perimeter. There’s in built redundancy in the Cloud resulting in high uptime. A Cloud-based secure Web gateway, protects all Web access from or to the customer organization,” said Netmagic’s Kamat outlining some of the benefits of a Cloud-based security solution.
Then there’s the fact that CIOs can pretty much sign off on the dotted line and stop worrying about achieving their security goals as the burden rests with the Cloud service provider. “In a three year timeframe, the Cloud justifies the investment in terms of TCO and RoI. With an on premise investment, the ownership and onus lies with the customer. In the Cloud, the delivery onus is on the vendor. In terms of upgrading the security posture, the Cloud has an advantage,” said Prakash, Symantec.
Psychological concerns remain
What’s holding back adoption is pretty much the same as what’s stopping CIOs from adopting public Cloud solutions in general. There are doubts and concerns about handing over the keys and worries about how secure the Cloud is only get worse when the Cloud service in question pertains to security.
A hybrid model
While the vendors were confident that the adoption of Cloud security services would pick up over time, they also felt that there was no question of wholly doing away with on premise solutions. The consensus was that a hybrid model was the way ahead.
“Five to eight years down the line there will be higher penetration of SaaS in the large enterprise by virtue of cost and lack of IT staff,” predicted McAfee’s Murthy.
“While there will be a significant shift towards Cloud-based security there are certain aspects of security that can never be delivered from the Cloud,” said Kamat of Netmagic. First you need to identify the data. If it’s in transit you can protect it in the Cloud. If it’s at rest on a laptop or in the company data center, you will always need an on premise solution.
prashant.rao@expressindia.com