Friday, April 23, 2010

Cloud Computing and Software as a Service - An Overview for Security Professionals

Late last year, the IT & Physical Security Councils of ASIS International formed a joint working group to study Software as a Service and produce a white paper, with a focus on physical and electronic security. The white paper is now available online.

Here is an excerpt from the introduction:

"The traditional electronic security industry, whose origins are rooted in the burglar alarm, is now moving very rapidly toward more complex networked systems and information management. Much discussion has occurred about the role of IT and physical security and the need to work closely together to manage and deliver efficient and risk appropriate security systems for the benefit of organizations. Much of this discussion has occurred around the developing framework for enterprise security risk management and convergence."

Link: Cloud Computing and Software as a Service. An Overview for Security Professionals

Source: ASIS International


Friday, April 16, 2010

Can Security Management Applications Become On-Demand Business Systems?

What security decision makers should know about Software as a Service.

Shared infrastructure is already commonplace

We live in a converging world where voice, telephony, business applications, and security traffic now move up and down the same communications infrastructure within organizations. While this may come as no revelation, there was a time not long ago when the very notion of using a shared resource to move security traffic was met with many objections from IT and Security personnel alike. Issues related to bandwidth, availability, and service are all items that have required discussion, definition, and consensus for organizations to unite systems and deliver solutions to meet the many technical needs of an enterprise security system.

Sharing an organization’s infrastructure is not free

While some organizations are convinced that owning and controlling their entire IT infrastructure and applications is the most efficient approach for their business, recent research from the Yankee Group, Gartner, and others suggests otherwise when compared to adopting a Software as a Service (SaaS) model.

Because many organizations’ security systems now have the associated servers and applications managed by IT, the cost for management is regularly apportioned, taking into account the cost of software maintenance, servers, and the personnel who maintain them, as well as the shared overhead of the infrastructure.

As IT costs continue to escalate, organizations review what is “non core,” what makes sense to outsource, and what is strategic to the business mission to buy and manage.

Raising the bar: does the dedicated expertise of SaaS translate to high availability and less risk?

For organizations considering outsourcing business applications, the savings available using SaaS are compelling, because the economies of scale that SaaS provides deliver the best value for the budget. Expert SaaS providers with larger infrastructures now deliver not only what the corporate data center did, but do so with a specialty focus and greater attention to redundancy and availability.

Consider this: most organizations cannot justify the in-house implementation of the triple redundant, high availability systems that SaaS providers offer as standard, and therefore have to settle for greater risk and downtime when security applications fail.

Do capital costs really disappear with SaaS?

When organizations consider all costs associated with purchasing, maintaining, and upgrading applications, SaaS is a compelling choice because the core application, infrastructure, and maintenance are all outsourced. But who owns the actual application and the cost to purchase and regularly upgrade it?

This aspect of the total cost of ownership is worth examining. The customer owns what is most valuable to them, the data, but is not shackled with the cost of owning and maintaining the application, as is the case when it is self-managed at a corporate data center.

Therefore, the overall cost of ownership is significantly reduced because it is shared across the entire user community, and delivered as an “on demand” subscription service. This model is like a utility service; you pay only for what you use, without owning the core infrastructure.

The flavor of SaaS is important

With mature SaaS applications, all users collectively, across many organizations, utilize the same application while enjoying separate data. Note the word mature. This is a flag for those considering SaaS. If you are offered a “separate instance,” in effect, you get a “standalone version.” In many ways, this replicates the corporate data center model and does not have the same cost benefits that a true, multi-tenant SaaS application offers. Multi-tenant design is at the heart of, and the very principle of, mature SaaS software.

Compare paradigms

Table One looks at the phases of the security system lifecycle and compares the company-hosted model to the cloud-based SaaS model. In addition to the comparison, it lists eight points to consider when comparing self-hosted to cloud-hosted SaaS.

Table One: SaaS Ownership Analysis


Source: http://tinyurl.com/2u2cdd8