Benefits and Concerns

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
00:00
>> In this video, we're going to look at the benefits of
00:00
security as a service then contrast it
00:00
with the concerns that SECaaS brings.
00:00
Security as a service is a Cloud-based service.
00:00
As such, you start off with all those potential benefits
00:00
that Cloud computing generally brings.
00:00
This includes things like reducing
00:00
your capital expense costs,
00:00
having redundancy within the infrastructure
00:00
to provide high availability.
00:00
You have lots of resiliency
00:00
as parts and pieces may fail you,
00:00
there's other parts and pieces to back it up.
00:00
The degree of these specific benefits is going to vary
00:00
depending on the specific
00:00
SECaaS provider that you're using.
00:00
Keep in mind, companies have a tough time finding
00:00
motivated individuals with cybersecurity expertise.
00:00
This is people like you getting
00:00
the training and listening to this video right now.
00:00
Rather than have to pay for
00:00
a bunch of headcount of these individuals,
00:00
when you use a SECaaS service,
00:00
you gain the benefit of this expertise and having
00:00
all these different cyber researchers
00:00
there that are focused on the security domain.
00:00
They're going really deep in these areas,
00:00
but you don't have to actually hire
00:00
a full-time employee or a team of full-time employees,
00:00
you're outsourcing that competency.
00:00
It's very powerful for
00:00
a smaller company to be able to tap into this,
00:00
even mid-sized companies who may not have the money to
00:00
afford the staffing requirements
00:00
needed for the expertise building.
00:00
The SECaaS providers are going to
00:00
have multiple different clients.
00:00
This puts them in a really interesting and good situation
00:00
to share intelligence data
00:00
between one client and the other.
00:00
For example, one client may get hit by
00:00
some new virus or some a zero-day exploit,
00:00
and the provider can tag
00:00
that signature of the virus and create
00:00
alerts that other customers can have
00:00
so that they avoid getting the same fate.
00:00
Common with other Cloud benefits
00:00
is deployment flexibility,
00:00
and since SECaaS is delivered over the broad network,
00:00
this allows us for deployment across
00:00
many different geographies without the overhead of
00:00
managing separate installed bases or
00:00
numerous physical devices at your different sites.
00:00
As long as they have a network connection,
00:00
and as long as the SECaaS provider has
00:00
the appropriate performance and
00:00
network latency concerns are all figured out,
00:00
you can quite easily deploy this to your different sites.
00:00
Another benefit is insulating the client.
00:00
Your network traffic is going to get routed
00:00
through the SECaaS provider themselves, for example,
00:00
when you're doing emailing or if you're
00:00
using a web application firewall,
00:00
which we'll talk about more in later videos.
00:00
This by routing it through the SECaaS provider,
00:00
it can absorb a lot of the attacks before they actually
00:00
get to the client assets or the customer assets,
00:00
in this case, you being the client,
00:00
you being the customer.
00:00
Finally, you have scaling and
00:00
costs which comes to that staffing
00:00
and expertise and a little bit
00:00
more because it's a SaaS model,
00:00
you're going to be paying as you go.
00:00
When you're a smaller organization,
00:00
the minimum cost to
00:00
get headcounts say five security experts,
00:00
maybe a whole lot more than if you were to use
00:00
a SECaaS provider and leverage
00:00
the expertise that they bring with themselves.
00:00
Now of course, when you get larger,
00:00
the cost to value of using
00:00
this service may start to go over the line,
00:00
and it might actually make sense for
00:00
larger company to employ
00:00
their own full-time staff and pay people to be
00:00
dedicated and have expertise
00:00
instead of relying on the SECaaS software.
00:00
It's really that return,
00:00
build versus buy type decision
00:00
that each company needs to make to
00:00
determine how much focus they want on
00:00
their core bread and butter products and services,
00:00
versus spending in investing time and effort.
00:00
What are some of the concerns?
00:00
Well, lack of visibility.
00:00
This is really a corollary to having the benefits
00:00
of getting that expertise without
00:00
requiring direct staff,
00:00
as you're going to lose direct visibility into
00:00
the day-to-day decision-making of the staff,
00:00
the researches, what they're looking at.
00:00
You also want to make sure to touch
00:00
on the topic of evidence collection.
00:00
Even before you make
00:00
any engagement with the provider
00:00
and come to any agreement,
00:00
having evidence collection is going to
00:00
be very important in the case that you need to
00:00
pursue some prosecution that
00:00
SECaaS provider needs to provide you the evidence,
00:00
give it to you so that you can then submit it as
00:00
evidence and be mindful of the chain of custody as well.
00:00
We've talked about this in prior modules,
00:00
so I'm not going to get too deep into it again.
00:00
There's regulation differences.
00:00
The provider may not be able to ensure
00:00
compliance and all the jurisdictions
00:00
that it's operating as a
00:00
follow-on to regulation differences,
00:00
how regulated data is handled in different territories,
00:00
for different types of customers,
00:00
for different types of employees can also be impacted.
00:00
For example, the level of
00:00
employee monitoring allowed in Europe is
00:00
much more restrictive than
00:00
the monitoring you can do in the good old US survey.
00:00
If you have one SECaaS provider
00:00
and you have employees in both countries,
00:00
there's going to be some considerations
00:00
from a legal standpoint of what
00:00
you're doing in the capabilities that that
00:00
SECaaS provider is giving you.
00:00
Another concern is data leakage.
00:00
The data is obviously highly sensitive.
00:00
For example, if they're examining
00:00
emails or monitoring web traffic.
00:00
We've talked about antenna isolation in the past,
00:00
and that being a key responsibility of any provider.
00:00
But with this sensitive data
00:00
that really requires some good,
00:00
strong multi-tenant isolation in
00:00
segregation amongst the tenants,
00:00
you want to be really confident that you're
00:00
SECaaS provider is going to give that to you.
00:00
Changing providers, lock-in is a general concern.
00:00
In this case, the provider may have data
00:00
you need to retain for prolonged periods of time.
00:00
You want to leave the provider, they say, well,
00:00
we have the data that you need for maybe you have
00:00
a long-running case and you're prosecuting
00:00
something that started 3, 4 years ago.
00:00
Make sure your agreement addresses
00:00
your ongoing right to get access to that data,
00:00
or at least some right to export
00:00
and retrieve your own copy of the information
00:00
from the SECaaS provider in the event that you do
00:00
decide to change who
00:00
you're using in a later point in time.
00:00
Then finally migrating into
00:00
SECaaS because you probably have
00:00
some on-premise security team's processes and procedures.
00:00
Those individuals need to be engaged and understand,
00:00
what is the SECaaS provider?
00:00
How does it integrate within their work?
00:00
Where's the line going to be drawn between what
00:00
they're responsible for looking at in monitoring,
00:00
versus what the SECaaS provider
00:00
and that software solution and how
00:00
it's going to integrate with
00:00
the monitoring process and system.
00:00
A quick video, let's do another quiz.
00:00
What is not considered a benefit of SECaaS?
00:00
Installation of clients, cost savings,
00:00
deployment flexibility, or intelligence sharing?
00:00
Think about it a second.
00:00
This one is a tricky answer.
00:00
You have to really be paying attention to the details.
00:00
The answer is B, cost savings.
00:00
You may recall, I was talking about pay as you go
00:00
and the value of having a smaller organization,
00:00
being able to leverage a lot of expertise,
00:00
talent, and be able to focus on building their business,
00:00
but for a large organization,
00:00
SECaaS services may not make sense,
00:00
and you're going to have to look on the specifics
00:00
of the situation,
00:00
but you may end up paying a
00:00
whole lot more than it could otherwise
00:00
cost to bring on a full-time staff
00:00
or equivalent that can provide these services or
00:00
provide some augmentation internally to
00:00
improve your monitoring and
00:00
increase your security posture.
00:00
In this video we went through
00:00
the benefits and the concerns related to SECaaS,
00:00
the pros and cons.
Up Next