Tickr has been able to quickly and easily add email accounts and CRM application user accounts as the company has grown over the past few years. Having the ability to purchase exactly what the company needs when it needs it has led to lower overall costs for technology, including reduced maintenance expenses. Mukherjee says Tickr has seen significant savings from using cloud services, but he would not provide specifics.
The company, which began using security-as-a-service in March 2012 when the Symplified service went live, expects to see the same type of time and cost savings with the security applications, compared with procuring traditional on-premises software licenses for similar technologies.
Another benefit is ease of use, Mukherjee says. The single sign-on and identity management capabilities required no training for end users. "If there had to be training, people [in the development operation] would have rejected this," he says. "The whole point was to have time savings, so it had to be quite efficient."
Cox Communications, a broadband communications and entertainment company in Atlanta, relies heavily on two security-as-a-service offerings. One is for vulnerability management and one for application security static and dynamic analysis, says Jay Munsterman, director of security engineering.
Static analysis is automated review of source code or binaries, and dynamic analysis pertains to live Web applications, Munsterman explains.
"Both services [provide] us with access to mature resources that [are] faster and less expensive than doing it in house," Munsterman says. "Using cloud services keeps us current against new and emerging threats at a pace that would have been extremely challenging to maintain otherwise."
The applications are full featured and for the most part fully configured on day one, Munsterman says. "We didn't have to go through a long deployment/configuration process," he says. As for expense, while the services "aren't cheap options, [I] don't need to maintain staff whose only value add to the company is maintaining the platforms," he says.
But there were quite a few reservations about going to the cloud for security, Munsterman says, especially when it came to housing the company's intellectual property and vulnerability information with a third party, outside of the walls of the Cox data center.
"We were fine with the concept of outsourcing various business processes; that has been the standard for years," Munsterman explains. "But security functions were thought to be among the un-outsourceable. Security was regarded as a function that must be held close."
When Cox went into its first RFP for security-as-a-service, there was a vendor in the running that Cox executives assumed wouldn't make the cut, Munsterman says. "When they came out on top we were all surprised," he says. "Having a solid, neutral evaluation standard ensured that we saw the offer for what it was and not what we were predisposed to see."
Sign up for Computerworld eNewsletters.