bamasio's picture
From bamasio rss RSS  subscribe Subscribe

SaaS SecureS in uncertain timeS 

SaaS SecureS in uncertain timeS

 
 
 
Tags:  webroot spy  saas security  web security saas  saas security best practices 
Views:  140
Published:  November 01, 2011
 
0
download

Share plick with friends Share
save to favorite
Report Abuse Report Abuse
 
Related Plicks
saas secures in Uncertain Times

saas secures in Uncertain Times

From: anon-521043
Views: 128 Comments: 0
saas secures in Uncertain Times
 
The city of Chula Vista - Case Study

The city of Chula Vista - Case Study

From: anon-521199
Views: 79 Comments: 0

 
How Saas Saves in a Down Economy

How Saas Saves in a Down Economy

From: shk
Views: 110 Comments: 0

 
See all 
 
More from this user
Introduction to digital curation

Introduction to digital curation

From: bamasio
Views: 473
Comments: 0
Inside Flume

Inside Flume

From: bamasio
Views: 28
Comments: 0
Brochure for aetna

Brochure for aetna

From: bamasio
Views: 325
Comments: 0
Saxon Mortgage Guidelines

Saxon Mortgage Guidelines

From: bamasio
Views: 329
Comments: 0
Caisse3

Caisse3

From: bamasio
Views: 465
Comments: 0
Table of Contents

Table of Contents

From: bamasio
Views: 134
Comments: 0
See all 
 
 
 URL:          AddThis Social Bookmark Button
Embed Thin Player: (fits in most blogs)
Embed Full Player :
 
 

Name

Email (will NOT be shown to other users)

 
 
 
Comments: (watch)
 
 
Notes:
 
Slide 1: SaaS SecureS in uncertain timeS Software-as-a-Service Improves Web and Email Security in Tough Times
Slide 2: SaaS Secures in Uncertain Times Contents SaaS improves Web and email Security in tough times Understanding Today’s Vulnerabilities . . . . . . . . Inside SaaS . . . . . . . . . . . . . . . . . . . . . . . . . . . . SaaS and Security: A Natural Fit . . . . . . . . . . . . Cutting-Edge Tools and Services . . . . . . . . . . . . SaaS marks the next Step in the Journey Getting the most From SaaS about Webroot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1 2 2 3 4 5 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Slide 3: SaaS Secures in Uncertain Times SaaS Improves Web and Email Security in Tough Times The software-as-a-service model can help you stay ahead of Web and email threats without breaking the bank on infrastructure and management. There are three truisms about a tight economy that every IT manager knows: You have to support more projects with fewer people and tighter budgets; approvals for infrastructure build-outs are scarce; and it’s your job to ensure employee productivity remains high . These may seem like Herculean tasks, especially when you’re dealing with ever-increasing threats to your Web and email networks, but IT executives and industry experts say success can be found by moving to a software-as-a-service (SaaS) delivery model . “Spending is going to be affected by this economic slowdown, so organizations need to rethink how they manage noncore, yet critical, tasks such as Web and email security,” says Brian Burke, program director for security products at Framingham, Mass .-based research firm IDC . Recently, enterprises of all sizes have turned to gateway appliances to block spam, scan for viruses, and perform URL and content filtering . But performing these tasks on the network can be costly in terms of hardware, software, bandwidth and administration . For instance, a boost in spam oftentimes results in the need for additional appliances and licenses, increased email server capacity, expanded storage space, a hike in bandwidth, and dedicated man-hours to deploy and manage these infrastructure build-outs . Spending is going to be affected by this economic slowdown, so organizations need to rethink how they manage noncore, yet critical, tasks such as Web and email security. – Brian Burke, Program Director for Security Products, IDC These expenses are hard to fathom in today’s fiscally challenged environment . “Organizations are definitely experiencing appliance fatigue . The number of boxes they have to manage is overwhelming, and the costs continue to add up,” Burke says . To combat this problem and free up valuable resources, companies are starting to use Web and email security SaaS to handle threats before they hit the network . This approach not only helps to save time and money, but it actually improves protection by defeating today’s highly complex and dynamic threats in the cloud, in real time . Understanding Today’s Vulnerabilities While IT budgets may be shrinking, there is definitely no shortage of attacks IT professionals face in regard to Web and email . Burke says the link between the two is becoming indistinguishable, thanks to the use of Web 2 .0 technologies such as social networking, Wikis and blogs in the workplace . He adds that spam is also on the rise, accounting for more than 80% of all enterprise email, and the number one threat to email security is now embedded URL links within these messages . These statistics make it easy to understand how vital a comprehensive Web and email security plan is to an organization . In fact, Burke predicts that Web and email security are so intertwined that in the near future IT teams will address them in a unified manner . A lot of email servers and appliances are faltering because they can’t keep up with the volume they’re expected to handle. – Brian Burke, Program Director for Security Products, IDC Until then, trying to stay on top of these threats on-premise in terms of infrastructure and knowledge is a costly and exhausting endeavor for many enterprises . “A lot of email servers and appliances are faltering because they can’t keep up with the volume they’re expected to handle,” Burke says . And with new viruses and malicious Web sites popping up with abandon, IT organizations have had to become security gurus, chasing down signatures piecemeal, pushing out updated policies, and adding to URL blacklists, all while being careful not to hamper user productivity with application downtime and false positives . In addition, many organizations are beholden to data retention laws, so any messages that make their way onto the network — even spam — must be stored for a certain length of time . The result: an incredible waste of storage resources . 1
Slide 4: SaaS Secures in Uncertain Times Inside SaaS Before we look at how SaaS specifically addresses Web and email security challenges such as those discussed above, let’s look at how SaaS is beneficial in general . With SaaS, an application is hosted and delivered over the Internet by a provider, negating the need for on-premise hardware, software or dedicated personnel . Rather than continually paying for hardware, software and maintenance licenses, you pay a fixed price on a per-user basis that provides everything you require, including all support and maintenance . This enables you to dynamically add or subtract users based on your growth, paying only for what you need, when you need it . Also, because SaaS is essentially a subscription, companies can count application usage as an operating expense as opposed to a complicated — and depreciating — capital expenditure . In fact, one esearch firm found that a SaaS solution can reduce the annual application cost per user from $100 to $60 versus a traditional appliance-based solution . $100 $80 $60 $40 $20 $0 Appliance SaaS SaaS also offers companies leverage vs . on-premise solutions because they are based on service-level agreements . This key differentiator means that companies have a contract with the service provider to guarantee optimal performance and reliability . SaaS applications generally offer similar functionality as their on-premise counterparts, but with a distinct benefit . As soon as the provider develops new features, customers can take immediate advantage of them without having to spend time downloading and testing code to ensure proper network integration . In addition, SaaS is controlled through a team’s Web-based console so IT can easily set and manage company use policies for all users . SaaS and Security: A Natural Fit Where the SaaS model really hits home is with Web and email security because it provides IT teams a way to stop threats before they clog — or take down — the network . All vulnerabilities are dealt with in the cloud . To understand the economic ramifications, consider this real-world example . At Dallas County Community College District (DCCCD) in Mesquite, Texas, the email network supports inbound and outbound messages for more than 65,000 mailboxes . Of the almost 3 million messages DCCCD received each day, more than 95% were spam, exposing the district to worms, bots and other vulnerabilities that threatened the network and user productivity . To manage that spam explosion on-premise, DCCCD would have had to add more staff, appliances, bandwidth and other infrastructure . Instead, DCCCD switched over to Webroot E-Mail Security SaaS, which was “as easy as changing a record in our domain name server to redirect to Webroot,” says Steve Glick, Associate District Director for Information Technology at DCCCD . “There’s no question this has taken a significant load off the network in terms of server capacity, bandwidth and storage space .” There’s no question [Webroot E-Mail Security SaaS] has taken a significant load off the network in terms of server capacity, bandwidth and storage space. – Steve Glick, Associate Director for Information Technology, DCCCD Webroot E-Mail Security SaaS has also alleviated the burden on Glick’s network support specialist, who was tasked with supporting the security appliances and their surrounding infrastructure . Now, instead of having to beef up staff, Glick has been able to redeploy the network support specialist to other, more strategic projects . “Web and email security SaaS are particularly helpful for IT organizations that lack dedicated security personnel,” Burke says . “Because security is their primary focus and they are watching for threats across a broad spectrum, SaaS providers like Webroot are better equipped to detect new vulnerabilities and ensure your on-site and mobile workers are thoroughly protected .” 2
Slide 5: SaaS Secures in Uncertain Times Cutting-Edge Tools and Services Webroot uses a combination of multiple best-of-breed antivirus and anti-spam engines as well as its own anti-spyware tool, Webroot Spy Sweeper®, and an automated threat research system to keep its Webroot Web Security SaaS and Webroot E-Mail Security SaaS services cutting edge . Users are also protected by zero-hour heuristic filters that guard against new and unknown virus variants and keep false positives low . And because traffic is filtered through Webroot data centers, distributed denial-ofservice attacks can be neutralized before they reach corporate mail servers . Using the multivendor approach for anti-virus engines also allows Webroot to offer a high-quality, inexpensive SaaS solution without compromising security . Companies can cost-efficiently guarantee that their corporate acceptable usage policies regarding Web sites and content are enforced for on-site and remote workers . In fact, Webroot Web Security SaaS can apply proactive notification of company Internet use policy to search engine results, indicating whether a site can be accessed, potentially contains malware, or is blocked . That’s one of the attractions for Adam Edwards, partner at London-based Cumberland Ellis Law Firm LLP who has to ensure that his users are protected from inappropriate content , while complying with the firm’s Internet use policies, best practice and the law . “Email and Web are at the core of everything we do here, and we have a certain level of paranoia about our clients’ privacy and security . We have to make sure that we maintain absolute confidentiality and properly secure our clients’ data, a part of which includes ensuring that we are not attacked or compromised by malicious code via the Web,” Edwards says . Edwards relies on Webroot Web Security SaaS and Webroot E-Mail Security SaaS to ensure that preconfigured corporate policies are being adhered to without hampering employee productivity . He uses the Web-based console to track and mitigate false positives and to make sure that employees can access the spam quarantine . But it’s not only policy enforcement that Edwards enjoys about Webroot Web Security SaaS and Webroot E-Mail Security SaaS . He’s also a fan of the inherent disaster recovery feature, which has saved him the cost of installing a more fault-tolerant system on or off-site . Because security is their primary focus and they are watching for threats across a broad spectrum, SaaS providers like Webroot are better equipped to detect new vulnerabilities and ensure your on-site and mobile workers are thoroughly protected. – Brian Burke, Program Director for Security Products, IDC For instance, the law firm recently suffered a Microsoft Exchange Server outage, but users were still able to access their email via the Webroot service . “If we had to maintain an off-site mirrored Exchange Server ourselves, it would be a costly technical feat . This way, we always have the previous month’s worth of email at the ready wherever in the world our employees are,” Edwards says . The biggest cost benefit of the Webroot SaaS offerings is the security expertise the company brings to the table at a significantly lower TCO . “From a practical standpoint, there’s no way with only one full-time IT manager supporting 80 users that we can fully master every aspect of security in-house,” Edwards says . “Web and email security require 24/7 attention, and since that is Webroot’s business, they have a much greater chance of recognizing and blocking threats than we ever could .” 3
Slide 6: SaaS Secures in Uncertain Times SaaS Marks the Next Step in the Journey In an uncertain economy, businesses of all sizes are struggling to find new ways to survive. The same is true for information technology teams, which are being forced to reevaluate how they deploy and manage applications across the enterprise. Webroot CEO Peter Watkins recently discussed this difficult environment with Technology Editor Sandra Gittlen and explained how IT teams can cost-effectively tackle one of the most difficult challenges, Web and email security, with software as a service (SaaS). Q: How has application management, particularly in the areas of Web and email security, changed A: The bar has constantly been raised for how IT deploys and runs existing applications . There is tremendous pressure for it in the past few years? to cut costs and drive out redundancies throughout their current systems as well as to find efficiencies in implementing new applications . Many organizations have been burned by applications that were too complex to deploy and manage . Q: How does the economy compound this struggle? A: I’m not sure most IT managers have experienced this type of recessionary climate before and, unfortunately, many are going to be subject to disproportionate cuts in terms of staffing and budget . Companies will be thinking only about what directly brings money in the door — such as new sales applications — and expect other areas to be severely scaled back or delayed . In addition, they will expect what has become the base of services that IT provides, such as email and Web security, to become utilities and be provided at the lowest possible cost . Q: How can software as a service lessen this burden? A: Let’s start with the primary benefit of SaaS — it’s far easier to deploy and manage because there is zero to minimal implementation of hardware and software needed within an organization . This eliminates many of the costs associated with a typical security project . For instance, if you are trying to secure Web and email access at remote sites, you no longer have to send out a staff member to install and manage an appliance or other infrastructure . Also, the length of your deployment will be dramatically shortened because there is nothing to install and no interaction with the network or desktop to worry about . Too often, we hear about IT teams that tried to roll out an on-premise solution only to find it was more complex than they planned, needing more bodies, more time and more money . With SaaS, you can trial the application and see firsthand what the deployment cycle entails . Often-times, you can have your application up and running enterprise-wide within a few hours, freeing your staff and budget for other, more strategic purposes . SaaS solutions in the security space are also far more effective than their on-premise counterparts . With an on-premise solution, customers are stuck with the single antivirus tool and signature recognition software their vendor uses . Conversely, Webroot uses a multivendor approach, including five different antivirus engines, to block malicious code from getting inside your organization . Q: Have you noticed that overall organizations are more accepting of SaaS solutions than they A: Definitely . It’s skyrocketing in areas such as CRM and payroll . Email security is already well past the early adopter were even a year ago? phase and we expect Web security to experience the same growth over the next few months . And while there is still more education that has to be done about SaaS, organizations are starting to realize they don’t want viruses, spam and other threats to come onto their network so they are seeing the value of dealing with those vulnerabilities in the cloud . Q: Who typically holds the decision-making power regarding SaaS within an organization? A: When it comes to email and Web security, that’s clearly the domain of IT . They take the lead and specify what they want, to make sure there are clean pipes to and from the Internet . Q: What changes has the SaaS industry undergone that makes it more appealing to A: Before SaaS, there were application service providers that hosted what was essentially on-premise software out of it organizations? data centers . While they modified the applications to be Web-friendly, they were kludgy . SaaS offerings have been engineered from the ground up to be delivered over the Web . And they also support multi-tenancy — allowing more than one customer on a server — to drive down costs . In addition, these services have been optimized in terms of their Web interface, performance, Internet delivery infrastructure, security and other key areas . In many ways, they offer far better reliability these days than most corporate networks . Q: Do you think organizations will go back to on-premise solutions when we pull out of this A: No, I think we are on a very clear evolutionary path here . Early on, IT was gung ho to buy and deploy software economic crisis? themselves . Then they turned to appliances because they offered an all-in-one solution . Each step has been designed to make application deployment and management simpler . And SaaS is clearly the next step in that journey . I’m confident SaaS will prove from a technical, ease of use and pricing perspective to be a benefit to IT organizations everywhere for the foreseeable future . Sandra Gittlen is a Massachusetts-based technology writer. 4
Slide 7: SaaS Secures in Uncertain Times Getting the Most From SaaS Signing on with a software-as-a-service (SaaS) provider may have you worried that you are giving up control, but that doesn’t have to be the case. Here are some surefire ways to guarantee you stay in the driver’s seat. 1. try before you buy. There’s no better way to understand how SaaS will benefit your environment than seeing results for yourself . While this can be cumbersome with appliances and on-premise solutions, SaaS offerings make evaluating the benefits of Web and email security as easy as redirecting your traffic to an alternate URL or altering your MX record . You can even send production traffic through the SaaS provider’s environment to check real-time latency and the other impacts on the end-user experience . 2. Get it in writing. The most important part of any SaaS offering is the service-level agreement (SLA), which outlines your provider’s guarantees . You’ll want to make sure that the SLA covers performance, uptime, notification of downtime, and other critical factors as well as the repercussions for failing to meet those guarantees . For instance, your provider should offer 24/7 availability . You’ll also want a false-positive rate for catching viruses that is lower than 1 in 400,000 . To ensure these metrics are being met, have your provider send you regular reports . 3. Know your compliance mandates. When it comes to security, it’s imperative that you understand the guidelines for data protection that your company must follow . For example, do you have requirements that dictate how long you have to retain business records or privacy restrictions regarding customer information? Develop policies that reflect these mandates and then convey them to your SaaS provider . Together you’ll be able to conduct audits that ensure ongoing compliance . 4. Share your SaaS success. It’s easy to measure the success of a SaaS solution . For instance, if your email security solution is stopping 98% of the spam that would otherwise have to be handled by your network, then that’s a tremendous savings in terms of bandwidth and server capacity . Or if your Web security service has blocked hundreds of attempts by employees to visit “bad” sites, then you’ve essentially stopped malware from taking down the network and increased worker productivity . Make sure to share these benefits with corporate executives so they understand the business value of your SaaS decision . 5. enjoy your newfound freedom. With SaaS, you no longer need a dedicated employee to chase down the latest virus signatures, test and deploy patches, or update URL blacklists . All this is handled automatically as part of your service . You also don’t have to spend time purchasing, provisioning and maintaining hardware, software or appliances in-house and at remote locations . This means that you can redeploy staff to more strategic and mission-critical tasks . The Webroot ROI Calculator allows you to estimate total cost savings based on your specific email and Web security solutions. 5
Slide 8: SaaS Secures in Uncertain Times About Webroot Webroot provides industry-leading security solutions for consumers, enterprises and SMBs worldwide . Webroot recently announced two new perimeter security offerings, Webroot E-mail Security SaaS and Webroot Web Security SaaS . A proven software-as-a-service offering, Webroot E-Mail Security SaaS delivers e-mail archiving, encryption, business continuity, antispam, anti-virus and anti-phishing capabilities that give companies of all sizes better manageability, better value and better protection . Webroot Web Security SaaS provides web-filtering protection and secures against viruses, spyware and inappropriate Web usage, with no hardware or software to maintain and lower total cost of ownership . Service features include access control, content control, threat protection, detailed logging and real-time reporting . Recently voted Best Anti-Malware Solution by SC Magazine readers, Webroot AntiSpyware Corporate Edition and Webroot AntiSpyware Corporate Edition with AntiVirus are comprehensive, centrally managed solutions that aggressively block, detect and eradicate malware on desktops across the network . Webroot products consistently receive top review ratings by respected third–party outlets and have been adopted by millions globally . Available either as branded solutions or on an OEM basis, Webroot products can be found at www .webroot .com and on the shelves of leading retailers worldwide . To find out more visit www .webroot .com or call 1 .800 .870 .8102 . Webroot Software, Inc. – World Headquarters 2560 55th Street Boulder CO 80301 USA www.webroot.com • 800.870.8102 Cart Lodge, Squerryes, Goodley Stock Road Westerham, Kent TN16 1SL, UK www.webroot.com/uk • +44 (0)870 1417 070 Webroot Ltd. – EMEA Headquarters Level 11, Tower B, 821 Pacific Highway Chatswood NSW 2067 Australia www.webroot.com • +61 (0)2 8448 8144 • 1.800.029.234 Webroot Software Pty Ltd. – APAC Headquarters © 2009 All rights reserved . Webroot Software, Inc . Webroot, the Webroot icon, Spy Sweeper and the Webroot tagline are trademarks or registered trademarks of Webroot Software, Inc . in the United States and other countries . All other trademarks are properties of their respective owners . NO WARRANTY . Analysis based on research conducted by Webroot Software, Inc . The information is provided AS-IS and Webroot makes no warranty as to its accuracy or use . Any use of the technical documentation or the information contained herein is at your own risk . Documentation may include technical or other inaccuracies or typographical errors . Webroot reserves the right to make changes without prior notice . Certain data is available upon request . uSa-280109-1.2

   
Time on Slide Time on Plick
Slides per Visit Slide Views Views by Location