Providing endpoint protection and other controls, Security as a Service offerings can play an important role in the cloud strategies of organizations. But before settling on a managed security solution, enterprises should walk through a careful decision-making process that evaluates several important factors.
During the first phase of this process, the organization determines whether a Security as a Service approach meets its security and business objectives. In cases where the approach seems logical, vendors can be evaluated to find the best balance of cost, performance and functionality.
Compliance concerns often heavily influence the selection of security controls, and this is especially true in the case of Security as a Service providers. Enterprises should carefully evaluate their compliance obligations and ensure that new service implementations won’t run afoul of regulators. In the case of merchants handling credit card data, organizations should ensure that vendors meet the requirements set out for Payment Card Industry Data Security Standard service providers. Healthcare organizations may need to enter into Business Associate Agreements with new providers to meet their obligations under the Health Insurance Portability and Accountability Act. These requirements should be verified so they won’t present a challenge prior to signing new provider contracts.
Security as a Service offerings must also fit within an organization’s existing IT service infrastructure. Whether an enterprise uses on-premises computing, other cloud services or a hybrid mix of the two, it should compare any potential cloud service with its list of existing services and ensure that the systems can function well together. For example, organizations seeking to outsource the analysis of security logs should verify that the provider can process logs from all components of the organization’s existing security infrastructure.
Support services are a key benefit touted by many Security as a Service providers, and enterprises often may choose between several levels of support. These tiers of support offer varying response times, access to dedicated representatives and other forms of assistance. They also come with hefty price tags; enterprises should carefully scrutinize support options and costs before signing on the dotted line.
Organizations should approach these decisions carefully, particularly because they involve security services. Choosing strong security service partners allows enterprises to rest easy, knowing that they have state-of-the-art security for their critical systems and sensitive information.
For more information on Security as a Service, read the white paper “Protection on Demand.”