Trend Micro CEO Eva Chen said a growing number of the firm's small-business customers are already using its Remote Manager hosted tools to maintain configuration of their security programs and prevent their end-point systems from being altered by malware programs such as rootkits.

"We began quietly moving forward in this direction several years ago, but I believe 2008 will be a big year for SaaS development, not only because of vendor initiatives, but because of the need to deal with new threats among customers," Chen said.

"We think that there will be a need to move anti-threat knowledge from the customer into the cloud," Chen said. "Instead of having them download a virus pattern file, we will filter things and compare them to intelligence in the cloud, and then go to the end-user and update them without having to download the larger files used today."

Keeping the channel involved
Established SaaS applications in other markets, such as Salesforce.com's hosted sales-force automation tools, have traditionally bypassed resellers and other channel players and instead been provided directly to customers by vendors themselves. That may not be the case for SaaS-delivered anti-malware, Chen said.

The reason? Even though SaaS tools are meant to alleviate many of the management concerns related to traditional on-premise products by handing the responsibilities back to the vendors, channel partners will be important in providing any services necessary to help users transition to the delivery model, or to customize the applications to individual business environments and provide any needed support services, Chen said.

Symantec, which has pledged to turn as many of its products into SaaS offerings as it can do profitably, has also promised to keep its resellers in the loop as its brings new hosted services to market. Most customers adopting SaaS services will still consume traditional security products, leading the company to pursue a hybrid strategy that mixes the two disciplines, said product director Hausman.

"We have the infrastructure to provide the service, but resellers will still maintain a lot of the relationships," Hausman said. "We're the brand behind delivery to the customer, but the partner is still the same name and face that customers have grown comfortable dealing with over time."

Diverse opportunities
Symantec's maiden foray into SaaS is its Protection Network online secure backup service aimed initially at smaller customers, hundreds of which are already piloting the offering, according to Hausman. But Symantec is preparing several other hosted products for release.

E-mail security is one area where Symantec sees SaaS opportunities, built on the success of acquired companies such as Postini. Other services that the company is pursuing might come as a surprise, including its bet that elements of DLP (data leakage prevention) and compliance monitoring can be moved to the SaaS delivery model.

Vontu, the DLP gateway specialist that Symantec purchased in November 2007 for $350 million, didn't have a SaaS offering under development, but Hausman believes that under Symantec's wing, the unit can create new capabilities by tying some of the on-premise capabilities of its technology with in-the-cloud services for message filtering and archiving.

Other opportunities for SaaS will emerge around anti-virus protection, security policy management, remote systems management and IT continuity protection, he said.