Software as a Service (SaaS) is an emerging market that is expanding from traditional back-office applications to fully managed streaming services offering entire virtualized desktops on demand. With players like Microsoft and Google focusing on this space, the market will drive adoption based upon the quality and utility of the applications that can be outsourced.
Many companies already use services like Salesforce.com or WebEx, and there are security vendors such as Qualys that provide typical onsite security services as on-demand, cloud-based offerings.
In the traditional world of corporate-hosted applications and data, security VARs are struggling to cope with the amorphous use of information. As applications and information become more distributed, the job of securing them gets more complicated.
SaaS provides a way of re-centralizing certain assets and information, albeit on someone else's watch. One of its biggest drivers is the assignment or transference of risk. Thus it becomes the SaaS vendor's primary responsibility to protect the data used by the outsourced applications.
Security VARs should help clients test the security ramifications of SaaS deployments. Managing the risks associated with confidential data housed elsewhere means that best practices such as information/data classification become more important. Assisting customers in performing due diligence on third parties provides real added value. Penetration tests and security process/protocol validation, including incident response opportunities, are also in high demand.
Think about the impending SaaS revolution as an opportunity to expand your practice competencies and build experience with performing risk-based business impact assessments that will help your customers make better, and more secure, business decisions.
This was first published in November 2007.