The Daily Dose: Security SaaS struts its stuff

Veracode co-founder and chief technology officer Chris Wysopal says there are signs all over the RSA Conference 2007 show floor that software as a service is finally being recognized within the information security community.

Editor's note: Information security expert Chris Wysopal, co-founder and chief technology officer of security firm Veracode Inc., is contributing to SearchSecurity.com's special coverage of RSA Conference 2007. His column will appear daily throughout the conference.

Download this free guide

From forensic cyber to encryption: InfoSec17

Security technologist Bruce Schneier’s insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken’s comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.

Corporate E-mail Address:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

Today I took some time to look at the different vendor booths on the expo floor. One thing I noticed was software as a service (SaaS) has made its way to the security world at RSA this year. (Disclosure: my company, Veracode Inc., offers on-demand automated application security reviews over the Web.) Qualys is promoting its SaaS model, which it have been at for a while, but now there are some new players in different fields.

RSA Conference 2007

Can't make it to the show? SearchSecurity.com staff members are on the RSA floor, on hand to deliver the latest RSA Conference 2007 news and updates.

Cloudmark, the antispam company, has zero-hour AV blocking, based on their customer base marking attachments as bad. A model like this only works when you have a service running in a data center. I think we are going to see more intelligent security products by harnessing the intelligence of end users or end nodes across many customers. To some extent all AV companies do this, but Cloudmark has brought a new level of automation and connectivity to bear.

Voltage Security is offering software-as-a-service email encryption. I have been disappointed at the uptake of email encryption, which has been around for ages, by the average user. The SaaS model makes many types of software easier to use and it looks like this may be a solution to the usability problem surrounding email encryption.

Qualys CEO Philippe Courtot spoke earlier this week extolling the virtues of SaaS in the security domain, and I agree. Much of security technology is unnecessarily complex and SaaS is a way to keep the complexity away from the user. Customers want simple interfaces and they don't want to install a lot of software.

The other big benefit of SaaS in the security space that I see is the way a customer can get value out of the anonymized data that other customers create in the system. When I was a consultant, customers would always ask me, "How am I doing compared to my peers or the world as a whole?" With the shared infrastructure of a SaaS provider, those questions can be answered. Increased data sharing helps everyone.

<< Return to our special coverage of RSA Conference 2007

This was last published in February 2007

Read more on IT risk management

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.