Web Security and the SaaS Factor

The online security space has been no different than any number of other software categories in its adoption of Software as a Service. However, until recently most of the offerings in this space have been targeted to e-mail protection. That is beginning to change as more and more vendors begin to roll out Web security applications in the SaaS model.

"Today, about 1 percent of the secure Web gateway market is SaaS," Peter Firstbrook, a Gartner (NYSE: IT) analyst, told CRM Buyer. "But we predict it will be 25 percent in three years." There are a number of new vendors entering the space this year alone, he added.

Among those are Webroot, which recently released Webroot Web Security SaaS, as well as an enhanced version of Webroot E-Mail Security SaaS for advanced content filtering, data leakage prevention and compliance.

This is Webroot's first Web security application in SaaS, Brian Czarny, the company's vice president of solutions marketing , told CRM Buyer.

Next Evolution

"The SaaS market for e-mail protection has been growing steadily to the point where it is mainstream," Czarny explained. Webroot believes that Web security will be the next natural evolution in SaaS adoption for a number of reasons.

"Until recently, the majority of threats to an organization have been through e-mail and the incredible increase in spam," he added. "Now though, we are seeing a change in the threat vector from e-mail to a compromised Web site that a Web user would potentially trust."

Visiting such a site could potentially deliver a nasty payload inside an enterprise, Czarny continued. Web security delivered via SaaS means there is no risk of accidentally downloading malware. In addition, the application allows enterprises to better enforce Web surfing policies, keeping employees from visiting certain Web sites.

Because the online dangers for enterprises show little sign of ever diminishing, the adoption rate of SaaS Web security is likely to grow even faster than it did for e-mail security, Dan Nadir, vice president of product strategy at ScanSafe, told CRM Buyer. Another factor favoring its growth is that companies are comfortable getting e-mail protection software in SaaS form. Web security is just the next step now.

For that reason there will be a rush of vendors to offer SaaS Web security, he predicted. "By the end of the year you will see a lot more vendors offering this than are currently on the market." All of the majority security firms are scrambling to either develop it in-house or acquire it, Nadir added.

New Model

Familiarity with the model is just one reason why more firms will be seeking out SaaS Web security, according to a report authored by Firstbrook. He also points out that with an increasingly mobile PC fleet and more Internet-meshed architectures, the gateway devices used in security software -- which usually perform URL (uniform resource locator) filtering and some sort of malware detection -- are not necessarily the best fit any more. A secure Web gateway in the Internet, or SWG, delivered as a service, is better suited to some corporate operations.

Gateway devices cannot protect PCs that are off-LAN (local area network) unless they are redirected to the corporate network with client software, the report reads. "Concurrently, the traditional hub-and-spoke network architecture is gradually being replaced by a more meshed approach, exploiting inexpensive Internet access."

Although meshed architectures can use a Multi Protocol Label Switching network via Ethernet, frame relay or other forms of network access, there is a strong trend toward using the Internet for site-to-site connectivity, typically augmented by VPN (virtual private network) connections to create a virtual corporate backbone on public networks, according to the report.

The compositions of Web security SaaS applications differ, Firstbrook wrote. However, most provide URL filtering and antivirus and anti-spyware protection, as well as group- and user-level policy control over Web applications such as instant messaging, Web mail, peer-to-peer and streaming media.