Security as a Service – Resource Pooling

SECaaS, more commonly known as Security as a Service may be in the cloud, or more traditionally be hosted within the customer’s premises.  When you here this term used, people are talking broadly about how companies that have deployed hybrid and traditional enterprise networks using cloud-based services are viewing securing their data in the cloud.

Some of the advantages to SECaaS are the same essential characteristics know to cloud computing overall: Broad Network Access, Rapid Elasticity, Measured Service, ON-Demand Self Service and Resource Pooling.

Resource Pooling – This is where you should focus on the multi-tenancy aspect, whether on premises, or in the cloud.  We are talking about shared infrastructure, sometimes with your own subsidiaries, business units and customers, or with your competitor, adversary, or another noisy-neighbor.  With resource pooling, you can also focus on more actionable intelligence through mining data from many customers and in-house research to provide context to intelligence.  With SECaaS, you’ll gain more access to security professionals, gaining the advantage in 24×7 coverage, aggregating other’s knowledge…all without your company being in the recruiting business, in most cases.

While we focus on advantages and risks in SECaaS and resource pooling while gaining access to many security professionals, it is not a substitute for having your own internal risk management and security professionals.  No one will know the context of your business, or understand your systems and pertinent threats better than your own people.  Always keep in mind, you will not be able to outsource accountability, ever.

Bottom line, resource pooling adds diversity while being more than an outsourcing model for security management within SECaaS, it is an essential component in secure business resiliency and continuity when we also pay close attention to the new risk landscape these benefits present.  Using resource pooling can save time and money allowing your organization to transfer saved resources back into your core competencies.

While you navigate the security landscape in the cloud and begin to meet the various security professionals and tools they are vending, always keep a few experts with tools in your own toolbox for context.  Your internal experts will best be able to help navigate which security tools are worthwhile from the “snake-oil”.

That’s it for Resource Pooling in SECaaS, remember to ponder multi-tenancy in your risk evaluations and keep your own internal security experts close at hand when aggregating the new security intelligence you will have at your finger tips.  The world of BigData has come to security  intelligence and it is very easy to become overwhelmed.