Experts say managed security is a major growth area for Cloud-based services.
"We estimate that through 2015 half of all e-mail security products will be used in SaaS form," said Ruggero Contu, principal research analyst at market researchers Gartner.
For small and medium-sized companies, with limited IT staff, Security as a Service may be particularly interesting because of its potential cost savings and service improvements.
Researchers at Gartner believe SaaS makes sense at the moment for e-mail and Web security, remote vulnerability scanning, security intelligence and, to a lesser extent, SIEM (Security Information and Event Management) und IAM (Identity and Access Management).
IBM also believes there is a broad market for cloud-based security services.
"Our approach is to take a holistic approach to IT security and for that reason we have developed our "IBM Security Framework," said Christian Emmerich, who is responsible for IT security technologies at the US based computer services and software group. The security framework defines a business-driven approach to security.
IBM has around 4,000 corporate customers worldwide for its managed security services. It offers Cloud-based firewall management, virus protection, e-mail security, event and log management of customer systems or intrusion protection and prevention.
Emmerich believes managed security services work for bigger corporations but can also be appropriate for companies with between 50 and 100 workers. "Small and medium-sized users have firewalls, but often don't have the personnel to do the monitoring 24-by-7 and on holidays," he said.
Large cost-saving potential
The IBM manager says a Cloud solution can lead to cost savings of between 20 pc and 50 pc.
Michael Rudrich, regional director Central Europe for U.S. services provider Websense agrees that especially small- and medium-sized companies should consider Cloud solutions.
"As Web-based threats get more complex and dangers resulting from unsecured Web 2.0 applications grow, it will be more and more difficult for small and medium-sized companies to maintain effective protection with internal resources," he said.
Service providers don't advocate moving all functions to the Cloud. "It's essential to keep the supervision in house," said IBM's Emmerich. That's important, he said, because, the end user is always legally responsible.
Gartner's Contu agrees and adds: "It's especially important to keep business-critical core applications and functions in-house."
He also adds a note of caution about implementing SaaS across a large global network of operations. "There are logistical problems for SaaS where there is no high-quality bandwidth and connectivity," he said.
-By Daniela Hoffmann