Businesses of All Sizes Get SaaS-y About Security - InternetNews.
RealTime IT News

Businesses of All Sizes Get SaaS-y About Security

Whether you're the CIO of a Fortune 500 conglomerate or a one-man band running a boutique brokerage firm, the days of simply downloading and installing the latest antivirus software to your PC are over.

With the proliferation of mobile devices, social networking sites and the growing dependence on user-generated content for business purposes, analysts say the breadth and depth of gaping security holes grow faster and become more insidious by the hour.

Throw in the fact that employees have a nasty habit of downloading stuff they shouldn't while at work -- and installing devices and applications that are usually riddled with vulnerabilities that hackers love -- and it's easy to understand why more companies are turning to Software-as-a-Service (SaaS) security vendors to lock down their ever-expanding organizations.

Gartner predicts that the so-called security-as-a-service market eclipsed $820 million in sales in 2008, up from $643 million in 2007, and will continue to grow at a compound annual rate of more than 30 percent for the next three years.

If these analyst predictions are on target, companies will spend in excess of $3 billion by 2012 for this cloud-based solution to their omnipresent security concerns.

"Gartner clients are showing increased inclination toward deploying security SaaS solutions in threat- and vulnerability-focused markets where up-to-date protection and expertise is paramount," Gartner analyst Arabella Hallawell said. "Security as a service also offers the potential for lower-cost delivery of security controls and functions with faster implementation cycles."

That's likely to be a major selling point in today's increasingly complex security environment. Hackers, phishers and other ne'er-do-wells have figured out that employees love to use security-challenged sites such as Twitter and Facebook or read blogs on company time.

And when popular videos hit YouTube, such as the infamous illegal peephole video recording of ESPN reporter Erin Andrews, or when big news stories like the devastating wildfires in Southern California take flight, hackers seize the opportunity to infect PCs with worms, viruses and other malware.

With so much data circulating through the corporate network, CIOs increasingly are turning to companies like Zscaler, ScanSafe and Webroot to safeguard their networks. Not ready to relinquish their stranglehold on the enterprise security market, both Symantec and McAfee made significant acquisitions in the past year, adding security-as-a-service providers MessageLabs and Secure Computing, respectively.

"Historically, security was an appliance market," said Michael Sutton, vice president of security research at Sunnyvale, Calif.-based Zscaler. "Increasingly, companies are just forwarding their traffic to us. We have the gateways that all your traffic flows through. We can handle all your mobile users while someone using an appliance solution has to have all its traffic go through that appliance."

Sutton said there's been an unambiguous shift in malicious content. Now, worms and viruses are taking up residence in Web platforms like MySpace or Facebook -- essentially operating systems on the Web. In years past, most malicious code and content made the comparatively simple migration from one PC to another or one server to another.

"We're seeing more and more Web-based worms that live in that ecosystem," Sutton said. "That's a much more challenging and expensive environment for a traditional appliance-based organization to manage."

Zscaler recently completed an in-house study of a pair of its customers and found that one 40,000-user organization visited more than 48 million URLs in a single day and more than 83,000 of those sites contained malicious content. Moreover, each user encountered an average of two infected links or URLs each day.

"Enterprises need to realize that security issues aren't what they used to be," Sutton said. "I'm not saying you don't want to run standard antivirus software. It's just not enough and it's not going to tackle all these new Web-based problems."