Is Security-as-a-Service about to have its day?

An alternative to expensive on-prem tools and a solution to a cybersecurity skills shortage.
5 August 2019

Bitfender headquarters in Romania. Source: Shutterstock

Cybersecurity is an expensive and complex ordeal. Attackers and the tools they use have become more sophisticated by the day, and as businesses increasingly move operations into the digital realm, wider attack surfaces are exposed. 

With sledgehammer fines awaiting those in breach of regulations (such as GDPR), meanwhile, the cybersecurity market has boomed as every business with a digital presence has scrambled to on-board the latest cybersecurity tools and solutions. 

According to the IDC, global spending on security hardware, software and services will top US$103 billion in 2019— up 9.4 percent on last year— while it’s expected to continue growing by 9.2 percent until 2022. 

The rise of Security-as-a-Service

Enterprises previously had to rely on their IT teams ability to build and maintain their own complex, internal web of cybersecurity tools. As well as technical integration and deployment, that also means monitoring for threats, regularly testing defenses and keeping apace of the changing threat landscape. 

But with the emergence of Managed Security Service Providers (MSSP) and Security-as-a-Service— facilitated by advancements in cloud technology— more firms are choosing to outsource the headache to security specialists. 

According to the same IDC study, MSSP will be the largest category of spending in 2019, driving more than US$21 billion throughout the year. 

Drilling down into why businesses are increasingly outsourcing their security practices, Thycotic— a specialist in privileged access management— surveyed a number of IT managers and technology decision-makers. 

MSSPs alleviating the burden

It found that these third-party security specialists were providing solutions to combat “rapidly escalating” threats and costs. 

Perhaps most significantly, however, these tools are alleviating companies from a cybersecurity skills shortage— an issue which has affected nearly three-quarters or organizations (73 percent), according to the Information Systems Security Association

The growing popularity of Security-as-a-Service tools and MSSPs is such that 2 out of 3 companies are now either already using them, or plan to within the next 12 months. By 2021, more than 70 percent of companies will be using these external tools. 

The findings could suggest a forthcoming upset in the cybersecurity solutions market, as customers back away from individual, specialist tools, instead opting for providers who can offer a full suite of protective measures at a flat rate.

As well as being less costly than an on-prem arsenal, cloud-based security solutions offer faster IT services delivery, greater flexibility, and can be a viable option for those companies lacking rare cybersecurity nouse. 

Outsourcing this work may lift a weight off the shoulders of some organizations which have struggled to ensure they are adequately protected round the clock. 

For MSSPs and Security-as-a-Services providers themselves, on the other hand, there is a great burden to demonstrate that they’re up to the task. 

Of course, investing in MSSPs and Security-as-a-Service tools doesn’t mean organizations and their IT teams should take their eye off the ball in regard to their cybersecurity— ensuring secure processes are in place and that staff follows correct procedures should remain a high priority.

What it does mean is that many of the more complex and time-consuming processes involved in cybersecurity could be lifted from the IT function and left to the experts, allowing organizations to focus on driving their business forward, not just keeping it airtight.