Software as a Service (SaaS) is an emerging market that is expanding from traditional back-office applications...
to fully managed streaming services offering entire virtualized desktops on demand. With players like Microsoft and Google focusing on this space, the market will drive adoption based upon the quality and utility of the applications that can be outsourced.
Many companies already use services like Salesforce.com or WebEx, and there are security vendors such as Qualys that provide typical onsite security services as on-demand, cloud-based offerings.
In the traditional world of corporate-hosted applications and data, security VARs are struggling to cope with the amorphous use of information. As applications and information become more distributed, the job of securing it gets more complicated.
SaaS provides a way of re-centralizing certain assets and information, albeit on someone else's watch -- one of its biggest drivers is the assignment or transference of risk. Thus it becomes the SaaS vendor's primary responsibility to protect the data used by the outsourced applications.
Security VARs should help clients test the security ramifications of SaaS deployments. Managing the risks associated with confidential data housed elsewhere means that best practices such as information/data classification become more important. Assisting customers in performing due diligence on third parties provides real added value. Penetration tests and security process/protocol validation, including incident response opportunities, are also in high demand.
Think about the impending SaaS revolution as an opportunity to expand your practice competencies and build experience with performing risk-based business impact assessments that will help your customers make better, and more secure, business decisions.
Related Q&A from Christofer Hoff
Learn why companies that place too much emphasis on security regulatory compliance run the risk of neglecting a full-orbed structured assessment ...continue reading
Data leakage prevention (DLP) has become a feature of much larger information-centric lifecycle management suites of large companies with expansive ...continue reading
Learn why the upcoming changes to the Payment Card Industry Data Security Standard (PCI-DSS), designed to prevent further corporate data breaches, ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.