Security/Software as a Service and why it’s the way to go for the next five years

Companies should focus on their core business and not on IT or Security

In the current era, companies are spending 10-20% of their budget on IT and Cyber Security,  and both are fundamental to a  company’s success and growth. The last six months have demonstrated, more than ever, the importance of seamless IT operation to allow people to work from anywhere.

Traditional IT and Cyber Security models are to buy equipment up front, host the equipment in their data centers or offices, and pay for support, maintenance, and upgrades. With the introduction of Software as a Service (SaaS) or Security as a Service, this traditional approach will slowly move to pay-as-you-go instead of paying upfront. Only certain organizations or government facilities will stay with the pay-upfront option.

Let’s elaborate on the difference between SaaS and on-prem.

Customers buy the equipment with one, three, or five years of support and hardware replacement. There are also several support levels, such as 9-5, 24hr, and a dedicated technical account manager.

For hardware replacement, there are several models, such as the next business day, 4hr, etc. Every vendor may have slight varience in their programs.

The customer can decide on the availability of the service:

• Get appliance with two network cards, two hard drives and two power supplies
• Get two devices for redundancy
• Have two data centers redundant to each other with two devices in each data center and a way to load-balance the traffic.
  

As you may see, there are many options for achieving redundancy and improving service level and availability, otherwise known as SLA (Service Level Agreement).

The more hardware devices a company has, including hardware for virtual appliances or servers, the more people the company will need to have on staff to make sure all the devices are up, running, and healthy.

Here are some examples of work that needs to be performed regularly on hardware:

• Break and fix
• Upgrades
• Installation of new hardware
• Re-install of the operating system (OS)
• Updates on patches and vulnerabilities
• Scheduled reboots
  

If your main business is not IT or Cyber Security, why would the company employ people to do all this work, and more importantly,  how would someone do all this work if they are working from home?

SaaS model

In the SaaS model, the Vendor/Provider provides company access to the systems, and the company only needs to do policy changes, operational changes, or just use the system. Such a system could be HR, Payroll, Document share, Cyber Security endpoint vendor, Cyber Security Network vendor, and many others.. In such a model, companies can focus on their core business and not worry about operation issues, a reboot of the devices, cable patching, power outages, and other problems that come with such work. The vendors that provide such services are not foolproof.  Even the ones that are very big and redundant have downtime occasionally, but overall, the amount of downtime is much less compared to when the company is maintaining everything by themselves.

Let's review other benefits of SaaS:

• No need to do annual or quarterly upgrades on the platform (save a lot of money on professional services and failed upgrades)
• Get the latest software features in a matter of hours vs weeks or months with the on-prem devices
• No need to train engineers on the operation and maintenance of the new hardware
• Compliance ready; many enterprises are now required to be SOC type 2 compliant
• No need to maintain any server infrastructure on-premises
• No need to wait for multiple teams to enable a functionality or make changes (Install SQL servers, reinstall windows, install Linux, patch devices, fix network cable)
• No need to go to the data center for server reboots or RMA of hardware
• No need to scale or upgrade on-prem hardware when more functionality required
• Gets required SLA for your company; this part needs to be checked in advance to ensure the level of SLA is acceptable for your company and the end-users
• All the data is constantly backed up by the vendor
• Vendor provides seamless redundancy and high availability for access
• Already adapted to work with the majority of SSO/MFA providers
  

SaaS-based solution is the perfect fit for most of the companies. However, as always, not everything is one or zero. There will always be companies that require their Data to be located in certain regions due to governance and compliance regulations or for which the SLA will not meet their needs.  

My advice is to keep SaaS in mind in your research on how to deliver your next project. Please don’t forget to ask how they will secure your data and information.