The CSA (Cloud Security Alliance) has issued a new guideance with a focus on how security can be provided as a service (SecaaS). This document covers 10 categories of services that can be provided as a service over the cloud.
An interesting quite from the executive summary on the adoption of SecaaS "the future looks bright for SecaaS, with Gartner predicting that cloud-based security service us will more than triple in many segments by 2013"
The 10 domains covered by the guidance are the following:
- Identity and Access Management
- Data Loss Prevention
- Web Security
- Email Security
- Security Assessments
- Intrusion Management
- Security Information and Event Management (SIEM)
- Business Continuity and Disaster Recovery
- Network Security
The full guidance can be downloaded from here. Cloud Security Alliance Guidance on Security as a Service (SecaaaS)
I have been using some of the above services through some cloud services providers such as CloudFlare. Do you use any? What are your thoughts on the Security services over the cloud?