SECaaS (Security as a Service)
For several years now, we have been evolving our technologies towards Cloud environmentsThe growth of environments SaaS, PaaS and IaaS have been spectacular and most medium and large enterprises already have part of their infrastructure in public cloud environments.
Although more obscure by its acronym SECaaS (security as a service) was one of the first services to be offered as an on-line service. Those of us who are a few years old lived through the time when the antivirus companies offered to check your computer remotely and, as far as I remember, this was the first service that was offered as an online service. first SECaaS service to be generalised
But the evolution of security has also turned towards being a shared service, we can now contract VPN without having a terminator on our premises, or a proxy that allows us to filter traffic and of course the fashionable piece, the SIEMs are moving to Cloud environments or are already natively born, A clear example is Azure Sentinel.
But why is it better to have these services in SECaaS, Well, there are several reasons, which I will describe below:
- It is easier to have a security team with a very high level of shared expertise than to have one dedicated to us (especially in terms of cost).
– Knowledge is pooled and spread to other customers. A very clear example of this shared knowledge are the proxies, if I have a local proxy I will capture and control the traffic that it is able to generate, being able to have dominoes that escape our knowledge as malicious and we take time to block them, but if we put together the traffic of thousands of companies it will be easier to have an early warning (share knowledge).
- Secure configurations, we delegate the security configuration to the company from which we contract the service, as well as its maintenance. For this reason, it is very important to read the contract that is signed as it will contain the guarantees of this work and the responsibility of the provider.
– Zero Trust, is the guiding principle of these services and guarantees us as a customer a high level of service and availability.
– Flexibility in deployment, computation and scaling, SECaaS environments offer us the flexibility to use only what we need, with the computing capacity adjusted to our needs and with the possibility of scaling services on demand, which brings us back to the cost savings of using only what we need.
But it's not all pretty, there are also drawbacks that we must be able to catalogue and decide whether the advantages outweigh the disadvantages.
– Lack of visibility: no it is usual to have information on the installation or comparative data they handle.
– Regulation and data: the service may be provided from a location that is affected by local data protection laws or the data you provide may not be sufficient to comply with the laws, again it is highly recommended that you read the contract to be clear on this point as it should be stated.
– Isolation: It is always a very important concern to have a good segregation of data so that it does not get mixed up with another client's data or so that another client, due to bad isolation, can access our data.
– Change of supplier: We can find ourselves stuck with one provider when trying to move to another because of reluctance to migrate data and lose our history.
Now all that remains is to choose or decide: is it better to keep our security or to hire a service?
As always to this question I will say "it depends", there are many factors to be taken into account in each company and they must be evaluated by the security managers of the organisation as well as the company's governing bodies in order to make the most appropriate decision.
Even if we decide on a service SECaaS alerts must be heeded and treated do not forget this.