What Is Security as a Service (SECaaS)?

What is security as a service?

Security as a service (SECaaS) is a way to deliver security technologies, traditionally found in enterprise data centers or regional gateways, as a cloud service. Security as a service has become an important enabler of business in an increasingly cloud-based and mobile world because it provides secure access to applications and services no matter where they are hosted or where users connect. With applications in the cloud and users connecting from everywhere, it no longer makes sense to tie security to the data center.

As Gartner pointed out in a 2019 report, “The Future of Network Security Is in the Cloud,” “The enterprise data center is no longer the center of access requirements for users and devices.” The report goes on to say that the networking and security model has effectively been turned upside down since it was developed, at a time when all users were on the network and all applications were housed in the secure data center. Today:

  • More user traffic is going to cloud services than to data centers
  • More work is performed off the network than on it
  • More SaaS applications are in use than those hosted locally

The traditional network forces all traffic through the centralized data center for security and access controls—a complex configuration that results in a terrible user experience. Cloud applications, such as Office 365 and Workday, were designed to be accessed directly through local internet breakouts. And for all those remote and off-network users, the experience is even worse, because they have to use a virtual private network (VPN) to have their traffic routed through the security stack on the network only to be sent out to cloud destinations.

In this model, you have to bring users to the security, while a cloud-delivered model brings security to the users.


What are the advantages of an as-a-service model?

There are many reasons why SaaS applications are quickly replacing on-premises software. They offer far greater availability and accessibility, no matter where users connect, because they’re accessed through the internet. SaaS offers lower upfront costs and simpler management, because it can be updated by the vendor continuously in the cloud. SaaS is also scalable, so as you add users, you simply adjust your subscription.

Security as a service offers similar advantages, and more:

Consistent, always-on security

Whether your users are working on the network in your headquarters office or connecting in a coffee shop or through an airport’s Wi-Fi, they deserve identical security and data protection. With a cloud service, your business policies follow users no matter where they connect. All connections are inspected and secured, regardless of the user they come from, the app being accessed, or any encryption that may be used.

With cloud security, an enterprise also gets unprecedented visibility into all of its traffic, what applications are in use, whether there are any compromised machines, threats and policy violations blocked, and much more. An integrated cloud solution gives you a centralized view of all activities across services—firewall, sandbox, secure web gateway, advanced threat protection, data loss prevention, bandwidth control, and more. And it enables you to eliminate the attack surface that occurs when you expose IP addresses through VPNs and firewalls.

Finally, security as a service closes gaps in enterprise security created by off-net users and those connecting directly to cloud apps and the open internet. Today’s bad actors understand that legacy security in the data center can’t protect these users, and attackers are increasingly targeting mobile users and using mobile devices as a beachhead to attack enterprise environments. They are exploiting the trend toward employees going direct to the internet and using public Wi-Fi networks to access cloud and mobile apps and to send and receive email. If you can’t secure every connection, you are leaving your entire network vulnerable to attack.

Fast user experience

In the “traditional” model, with traffic going through a security stack, user experience wasn’t the top priority; security was. A user’s traffic might have had to take two dozen “hops” before reaching its destination. But the latency this model introduces is no longer acceptable for most users and organizations. It not only slows productivity, but also invites users to bypass security controls and connect directly to their applications. With cloud-delivered security, enterprises don’t have to choose between security and a fast user experience.

The Zscaler Cloud Security Platform is built on a globally distributed architecture, so users are always a short hop to their applications. Through peering with hundreds of partners in major internet exchanges around the world, Zscaler ensures optimal performance and reliability for your users.


Simplified management

An automated, cloud-delivered service is easy to deploy and manage. If you have ever had to deal with patches and change windows, you will appreciate the fact that security clouds do the updating for you. The Zscaler cloud, for example, receives 120,000 unique security updates per day to keep you protected from rapidly evolving malware. And if a threat is detected anywhere in the Zscaler cloud, every user across the cloud gets immediate protections. Because there’s no hardware or software for you to purchase or manage, cloud-delivered security minimizes costs and eliminates the complexity of patching, updating, and maintaining hardware and software.



Today’s imperative is speed and agility—exactly the kinds of competitive advantages enabled by the cloud. But the network security model can’t scale, and it certainly isn’t agile. Changes are onerous and take much too long in the digital world. Cloud security, on the other hand, is infinitely scalable. It easily handles traffic spikes and inspects all traffic, even encrypted traffic, without impacting performance. You can add users, add services, and even add offices almost instantly. You never run out of capacity, as you do with appliances.

“The legacy ‘data center as the center of the universe’ network and network security architecture is obsolete and has become an inhibitor to the needs of digital business.”
Gartner, “The Future of Network Security is in the Cloud”; August 2019

“Rapid growth of cloud-based secure web gateway services has become a disruptive force in the market.”
Gartner Magic Quadrant for Secure Web Gateways, 2019