SAAS applications, such as vulnerability scanning tools, e-mail and anti-spam filtering and Web filtering is helping ICI maximize personnel and budget in a manner that traditional on-premise security products wouldn't allow.
Security technologies delivered via the SAAS (software-as-a-service) business model may still be in their nascent stage, but some early adopters are already piecing together multiple offerings to outsource a significant portion of their IT systems defense infrastructure.
One such company is Imperial Chemical Industries (ICI), the massive London-based maker of paints and chemicals that is in the process of being acquired by industrial conglomerate Akzo Nobel to the tune of US$16 billion.
With worldwide business operations and an annual research and development budget approaching US$60 million, the chemicals giant is spending more effort than ever before in securing its assets and data, company officials said.
However, utilizing a handful of SAAS applications"”including vulnerability scanning tools offered by Qualys, e-mail and anti-spam filtering from MessageLabs, and Web filtering provided by ScanSafe"”IT executives at ICI claim they are maximizing personnel and budget in a manner that traditional on-premise security products wouldn't allow.
"We're pushing the envelope in terms of what's out there with security SAAS, but so far, it's been a fantastic success; SAAS can only be employed where IT truly benefits from doing something once centrally, but there are a number of sweet spots where that approach fits today," said Paul Simmonds, global information security director at ICI. "Over time we'll likely see a mix with SAAS being used more heavily where it can offer benefits of cost and management, just as with general outsourcing."
Having used Qualys' vulnerability scanning services for over five years, ICI is at the cusp of large enterprises that have begun replacing some in-house security tools with subscription-based services.
The company is currently considering use of hosted applications binary code scanning tools offered by Veracode, a relatively new start-up, under the idea that it can begin integrating multiple SAAS technologies to offload larger parcels of its security infrastructure to outside specialists, Simmonds said.