IT experts say email SaaS predictions may be wide of the mark

Fortify says email SaaS predictions may be wide of the mark

8th April 09 - Fortify, the application vulnerability specialist, says that research from Gartner - which predicts a surge in the Software-as-a-Service (Saas) email in the next three years - may be a little off the mark, once companies realise the IT security implications of email outsourcing.

"There is nothing intrinsically wrong with SaaS-driven email, but companies need to be very careful to verify the service they are using has the required security technology and processes to meet regulatory compliance issues, as well as the infrastructure required to meet the needs of any organization," said Rob Rachwald, Fortify's Director of Marketing.

"There is also the issue of whether a firm's security can be enhanced to extend its protective envelope around the SaaS-driven email service, and perhaps interface with the service provider's IT security systems at an API level," he added.

Unfortunately, says Rachwald, not all SaaS-driven email services were created equal, and, as a result, some are better at security than others.

These issues, he explained, are what could short circuit Gartner's prediction that SaaS-driven email services will rise from one per cent of company take-up in 2007 to 20 per cent of the market by 2012.

It is interesting to note, he said, that Gartner also predicts a rise in the take-up of hybrid server/SaaS email systems by companies, which is likely to happen as major companies move to the benefits of Cloud Computing-based environments.

"The financial imperative for Cloud Computing is very strong, especially in these recessionary times but, again, the security issues involved may well temper many companies' move in this regard," he said.

"The big question, of course, is whether the financial imperatives will override the security requirements of companies considering migrating to SaaS-driven email. And that is the great unknown that causes us to question Gartner's otherwise excellent report," he added.

For more on Gartner's SaaS email predictions: http://preview.tinyurl.com/chdpy5

For more on Fortify: http://www.fortify.com

Source: Eskenzi PR
<>

A new trend in security Secure Web Gateway in SaaS mode

By Javier Peralta, Optenet Country Manager UK

To centralise the global security of corporate environments, a large number of companies are increasingly opting for a new generation of solutions based on the concept of Software as a Service (SaaS). Thanks to the falling cost and greater availability of fixed-line and mobile broadband services, SaaS solutions are not only viable considerations for small businesses, but for medium and large enterprises looking to streamline and centralise their client and server-side applications and services.

With this new software sales model, security applications are hosted by third party managed service providers and operators, while the actual day-to-day service application service is delivered to customers over the Internet ("in the cloud"). This model offers numerous benefits: a) lower implementation costs; b) fast deployment and service startup; c) "pay per use" pricing model; and d) reduced support requirements.

The traditional "one-to-many" SaaS model for security products, limited in terms of scalability and policy customisation, is facing competition from a new, more advanced model that offers the functionalities of a Secure Web Gateway in SaaS mode and, according to Gartner, promises to take 25% of the security markets by 2012.

The main advantage of deploying the SaaS SWG security model is that large organisations can act as service providers to address the needs of their various offices and their hundreds of thousands of end users, all from a single platform. Few organisations have the resources or space to deploy multiple local software gateways or appliances, and those that do deploy these solutions often lag behind in testing and deploying new versions due to the logistical constraints of servicing multiple remote locations. Such delays can themselves create security issues as known vulnerabilities and issues go unattended either for prolonged periods after updates become public, or are left altogether and thus can be leveraged by internal and external attacks.

The SaaS SWG system offers sufficient flexibility and granularity to be able to specify different security policies according to the criteria of each office or employee, individually or jointly, making the company's global security practices more effective. For example, if in an organisation, the anti-spam or web filtering applications are too restrictive for the performance requirements of a particular user, an administrator with the help of a web console that centrally controls the security application can easily adjust the settings for that user remotely. This supervision capability minimises overblocking and improves end-user productivity. Most importantly, it removes the need for local intervention either by remote staff or by sending IT support personnel to the remote location to reconfigure the application or appliance.

In short, with the SaaS SWG model, organisations can enjoy, through their service provider or trusted operator, a complete and customised security service with a 100% configurable management console, as if it were an exclusive service based on the isolated tenancy model but with the benefits the one-to-many model provides in terms of deployment, management and cost. However, the flexibility of the SaaS SWG means that the company purchasing the service from an ISP can also become a service provider in its own right or maintain an internal market for IT services. This becomes more important when the company, as customer, has a large estate of remote locations and users to manage such as a retail chain estate, franchises or global office locations. Rather than make regional SaaS SWG arrangements, they themselves can also act as service providers and deploy the suggested architecture to centralise the global security of all their offices and workers.

We have already taken advantage of the many-to-many model in our security product portfolio to offer operators, managed service providers and enterprises wishing to provide security centrally to all their offices, factories and other associated locations all the elements they need to enjoy, as a service, all the functionalities of an SWG with a multi-instance/multi-tenant architecture.

One of the main advantages is that SaaS SWG integrates with existing infrastructure using Active Directory, or any other company authentication directory, in order to manage users and access groups and apply settings both globally and individually. In this situation, multi-authentication enables multiple administrators to access the management console and define policies according to the requirements of each office.

Optenet is exhibiting at Infosecurity Europe 2009, the No. 1 industry event in Europe held on 28th – 30th April in its new venue Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk

Optenet is a global IT security company that provides high-performance security solutions to service providers and large enterprises worldwide. Optenet’s technology protects 75 million end users around the globe, including the customers of many of the world’s leading ISPs and mobile operators, as well as employees of global enterprise organisations. The Company is a socially conscious organisation, committed to eliminating illegal content on the Internet, protecting children and supporting government agencies and non-profit organisations that share the same goal. For more information, visit http://www.optenet.com

Source: Infosecurity PR
<>