Security Encyclopedia

Security as a Service (SECaaS)

Security as a Service (SECaaS) is an arrangement where a third-party provider such as security vendor or managed service provider (MSP) furnishes an enterprise with robust and reliable security infrastructure, features, and maintenance.

SECaaS takes inspiration from Software-as-a-Service (SaaS). With SECaaS, an enterprise’s end users may be consuming services such as authentication and helpdesk support for it provided by this third party.

Depending on its uses, SECaaS can be a suitable model for the willing enterprise since it effectively outsources the resources that on-premise security infrastructure requires. It also reallocates manpower and attention that on-premise infrastructure would demand. Some SECaaS offerings make this model easy to conceive of such as antivirus and spyware protection but stronger among the SECaaS spectrum are full authentication capabilities leveraging mobile device biometrics and public-key infrastructure (PKI). When offered as a service, these complete offerings pose a different answer to the enterprise choice of building or buying a well-architected solution by having one be available for purchase as a subscription.

SECaaS implies the product’s high degree of pre-integration, interoperability, and proven deployability. If a SECaaS is not easily implemented or deployed, it already signals a degree of customer input that is already unwanted by nature of the desire to not host it on premise or build it.

Example:

“When choosing security that uses biometrics in an ‘as a service’ model, you’ve already answered the build vs. buy question. Have you also answered the question of where your vendor stores and matches your users’ biometrics?”