Many early stage cloud vendors have it backwards when it comes to offering cloud-based services. They implement Software as a Service (SaaS) first to demonstrate their vision and then develop enterprise integration features. But the right way to go about it is to support corporate clouds in early product releases.
IT is typically conservative about business risk and likes to retain control over sensitive data and applications. Security SaaS vendors may be better served by allowing IT to start by hosting its own private cloud service, integrated with existing data repositories and administrative systems and then provide a path to the full cloud application environment.
Security SaaS vendors placing services in the cloud have had to overcome the barriers posed by conservative IT practices. Qualys Inc., one of the earlier vendors offering a vulnerability scanning service, overcame risk management objections to having corporate vulnerability details accessible off-site in the cloud. IT does embrace the concept once they become comfortable with the security, operational savings and pay-as-you-go cost structure. A quick survey of young privately-held security SaaS vendors shows progress in segments, such as identity management and access control, log management, secure document handling and virtual desktop distribution. They serve as early examples of the variety and innovative ideas in security:
- Alert Logic Inc. manages log management as a service to help companies meet compliance obligations. Instead of investing in servers, storage and personnel, the AlertLogic service transmits data from customer premise equipment through the cloud where the data is stored, archived and compliance reports generated. Security is paramount to customer acceptance since attackers could build a blueprint of the business infrastructure from log data.
- Confidela offers secure document services that allow sharing of confidential information while protecting against unauthorized printing, faxing, forwarding or saving to local storage. The SaaS approach allows Confidela to deliver RMS features without the need for a kernel-mode agent or the need to deliver the confidential document to the endpoint. The challenge will be convincing corporations to place their sensitive documents in the hands of a SaaS service.
- Moka5 Inc. provides a service optimizing delivery performance of clean virtual desktops. The SaaS model allows MokaFive to distribute reference copies of virtual desktops throughout the cloud where authenticated end users can rapidly stream their desktop to locally execute business applications from home or other remote locations. The company will have to overcome IT resistance to hosting corporate desktops in the cloud.
- Symplified Inc. manages corporate identity and access control as an Internet service. The Symplified “identity cloud” supports authenticated identity services to end users including access control to SaaS and Web applications, single sign-on, and full usage auditing. The hurdle that must be cleared is assuring IT that corporate identities can be securely maintained in a cloud service and the business will not be at risk due to a breach in the Symplified service.
- FastScale Technology Inc. is not a SaaS vendor, but is a vendor enabling cloud applications in a manner that virtual machine management products will mimic. FastScale automates the creation of server systems with compliant configurations of software packages. In addition to saving IT effort in creating physical and virtual servers, the company also creates servers compliant with EC2 for deployment in the cloud. This makes it easier to migrate existing applications into the cloud and is on the leading edge of a compelling trend.
About the author: Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to firstname.lastname@example.org.