The Path to Security as a Service (SaaS)
Gerhard Eschelbeck, CTO & SVP Engineering, Webroot
The Best Security in an Unsecured World.™
Agenda
• The Evolution of Application Delivery
• SaaS and Security Applications
• Ten Questions to Ask Your SaaS Provider
• Inside View from a Provider’s Perspective
Rewiring the World
“A hundred years ago, companies stopped generating their own power with steam engines and dynamos and plugged into the newly built electric grid. ... Today, a similar revolution is under way. ... This time, it’s computing that’s turning into a utility.”
Nicholas Carr - http://www.nicholasgcarr.com
The Evolution of Application Delivery
• Traditional On Premise Installed Application
  - On premise hardware, server, network, database, backup provisioning at customer
  - Ongoing maintenance and management performed by customer
  - Customer is responsible for providing logical and physical security
  - Typically lengthy rollout/update cycles
• Managed Service Application
  - Applications installed, managed and maintained by a third party
  - High involvement of human resources for application management
  - Installation on customer premise or also centralised model
  - Most applicable for highly specialised applications
  - Typically single tenant (dedicated systems) off-the-shelf applications
• Software as a Service (SaaS)
  - Typically no (or very limited) on-premise hw, server, database, backup
  - SaaS vendor provides all maintenance, management, infrastructure
  - Application usage via browser
  - Economy of scale due to full automation from the provider
  - Fast rollout and innovation/update cycles
  - Multi tenant architecture (multiple customers share some or all layers of the stack)
SaaS Deployment Models
• Pure SaaS application
  - Web browser is single interface point with customer
  - All intelligence is centralised at SaaS provider
  - Limited integration between customer and SaaS provider
  - Examples: CRM, Email filtering, Payroll, Customer support applications
• SaaS with customer side software agent
  - Web browser is interface point with customer
  - Additional small client-side software agent (permanent or transient)
  - Enables stronger integration of customer systems and SaaS service
  - Examples: Application sharing, Web-filtering, Online-Backup
• SaaS with customer side appliance
  - Web browser is interface point with customer
  - Additional hardware appliances (remotely managed) on customer premise
  - Enables deep integration of customer systems with SaaS providers
  - Examples: Intrusion Detection, Security Management, Vulnerability Assessment
SaaS Deployment Architecture
[Diagram. Labels: Customer (three shown); Global Load Balancing and Security; Presentation/Web Layer API Interfaces; Application Logic / Data Segregation; High Speed Data Processing Engines; Persistent & Redundant Storage Layer]
Why Security SaaS makes Sense
• Subscription model (pay as you go, per user, per time)
• Reduced risk (performance, uptime, reliability, scalability)
• Lower rollout cost
• No additional IT overhead
• Improved security
• Rapid deployment and implementation
• Compliance requirements (audit trails, archiving, logging)
• Allows a focus on core business
Delivering Security Applications via the SaaS Model
Web Security and Content Filtering
• Challenge: The changing threat landscape - Massive explosion of malware variants is challenging existing signature based desktop and gateway solutions
• Multi-engine approach is required - Unlimited processing power in the cloud
• Global and aggregate threat view allows better decision making
• Moving protection layer closer to the source of the malware
• Analyse inbound and outbound HTTP content in the cloud
• Transparently filter and remove malware and categorise/block unwanted websites
Email Filtering, Archiving and Management
• Challenge: Sharp increase in spam and email-borne malware (high network bandwidth utilisation)
• Multi-level engine approach required to catch spam, zero-day exploits, viruses, spyware
• Moving protection layer closer to the source of spam/malware
• Transparently analyse inbound and outbound emails for content, spam and malware as well as content leaks
• Email archiving to satisfy compliance requirements
Vulnerability and Compliance Management
• Challenge: Requirement for third party security assessment and compliance management
• Discovery, assessment, and prioritization
• Internal and external view
• Validation against security policies
• Remediation tracking
Ten Questions To Ask Your SaaS Provider
• Existing customers and deployment size
• Service renewal rates
• Financial strength
• Availability of integration capabilities
• Ability to customise the SaaS application
• Global datacenter footprint
• Availability of training
• Quality and presence of customer support
• Frequency of major and minor updates
• Service level commitments and actual performance
Service Levels
• Service availability and reliability
• Latency and performance
• Effectiveness
• Accuracy
• Security
SLAs should be objectively defined and regularly measured and reported by the provider
SLAs should be enforced through clear consequences
Security Considerations
• Data storage model and architecture (encryption)
• User account management (provisioning, roles, permissions)
• Identity management (single-sign-on)
• Security process and certifications (SAS 70, ISO)
• Backup, recovery, physical hosting facilities
• Business continuity
The Inside View from a SaaS Provider
• Known platform provides better application quality
• Global deployment and distribution
• Simple application/revision management
• Load management and scale driven by business growth
• Instant update for all customers
• Ability to scale quickly - unlimited scalability
• Integrate and deliver best-of-breed technologies
• Strong customer commitment and support is critical
Summary
• SaaS empowers the user/customer
• SaaS delivers a high level of customer commitment and service, as switching is relatively easy
• Deploy and leverage applications that are truly SaaS ready