Security by subscription

McAfee, Symantec, and Trend Micro execs expect more and more customers to get security via Web applications

As malware threats and regulatory compliance demands continue to grow more complex, IT will become increasingly dependent on SaaS (software as a service) offerings that let them respond to problems faster while also saving money, according to top executives at the world's largest anti-malware vendors.

In addition to continued adoption of managed security services delivered on- and off-site by professional consultants, IT customers will be able to resolve some of the problems they have with existing IT systems defense and compliance automation tools by shifting away from on-premise technologies in favor of adopting more hosted applications, vendor executives contend.

While security technologies such as end-point protection suites and IDS (intrusion detection systems) will likely always require the use of software agents that reside on customers' devices and network infrastructure, vendor executives claim that a range of technologies, including exploit-prevention tools and compliance-monitoring filters, will gradually move to the SaaS model.

As a result, providers such as McAfee, Symantec, and Trend Micro, among others, are already ramping up their SaaS portfolios to adapt to the shift.

"We believe that [SaaS] is the wave of future, and we already deal with the issue of updating tens of millions of machines remotely multiple times per day in multiple geographies. It's one of most complex things to do in all of technology, and one of the most impressive assets that I think we have," said David DeWalt, CEO of McAfee.

"IT budgets are not growing, but the threats and regulatory demands are, and customers are finding themselves thin on resources. SaaS will be a great way for businesses to save on infrastructure and maintenance costs while improving protection," said Jeff Hausman, Symantec's senior director of product management. "There's no question that the hosted model is growing dramatically."

McAfee expects a SaaS transition over time
Building on the infrastructure that vendors such as McAfee have already established to distribute anti-malware signatures and other product updates to their customers, the companies will add new SaaS offerings incrementally as customers warm up to the ideal.

The security software providers themselves must also figure out the appropriate mix of on- and off-site tools, as well as refine pricing policies for the services over the next few years, CEO DeWalt said.

However, DeWalt recognized that the process of designing and delivering SaaS products -- and selling customers on their benefits -- won't be achieved overnight. "It's a very complicated technology project, sometimes not even related to development of our own technology, but based on the IT infrastructure needed to deliver SaaS as effectively," he said. "We've learned a lot through our experiences building [anti-malware] products for the consumer and small-business markets, and we'll use those lessons to move into the SaaS business over time."

As part of its move into SaaS, McAfee announced the acquisition of ScanAlert, a provider of hosted e-commerce Web site security services, for $51 million in October 2007. The company will consider additional deals in the area if there are targets that can aid in its development of the business, DeWalt said.

Trend Micro, others see Intelligence in the cloud
Along with e-mail filtering services -- one breed of security SaaS application that has already proven a hit with customers of companies such as Postini, which Google acquired for $625 million in July 2007 -- vendor executives contend that hosted tools used to provide end-point and network security management services will be among the first to find favor with IT and end-users.

Trend Micro CEO Eva Chen said a growing number of the firm's small-business customers are already using its Remote Manager hosted tools to maintain configuration of their security programs and prevent their end-point systems from being altered by malware programs such as rootkits.

"We began quietly moving forward in this direction several years ago, but I believe 2008 will be a big year for SaaS development, not only because of vendor initiatives, but because of the need to deal with new threats among customers," Chen said.

"We think that there will be a need to move anti-threat knowledge from the customer into the cloud," Chen said. "Instead of having them download a virus pattern file, we will filter things and compare them to intelligence in the cloud, and then go to the end-user and update them without having to download the larger files used today."

Keeping the channel involved
Established SaaS applications in other markets, such as's hosted sales-force automation tools, have traditionally bypassed resellers and other channel players and instead been provided directly to customers by vendors themselves. That may not be the case for SaaS-delivered anti-malware, Chen said.

The reason? Even though SaaS tools are meant to alleviate many of the management concerns related to traditional on-premise products by handing the responsibilities back to the vendors, channel partners will be important in providing any services necessary to help users transition to the delivery model, or to customize the applications to individual business environments and provide any needed support services, Chen said.

Symantec, which has pledged to turn as many of its products into SaaS offerings as it can do profitably, has also promised to keep its resellers in the loop as its brings new hosted services to market. Most customers adopting SaaS services will still consume traditional security products, leading the company to pursue a hybrid strategy that mixes the two disciplines, said product director Hausman.

"We have the infrastructure to provide the service, but resellers will still maintain a lot of the relationships," Hausman said. "We're the brand behind delivery to the customer, but the partner is still the same name and face that customers have grown comfortable dealing with over time."

Diverse opportunities
Symantec's maiden foray into SaaS is its Protection Network online secure backup service aimed initially at smaller customers, hundreds of which are already piloting the offering, according to Hausman. But Symantec is preparing several other hosted products for release.

E-mail security is one area where Symantec sees SaaS opportunities, built on the success of acquired companies such as Postini. Other services that the company is pursuing might come as a surprise, including its bet that elements of DLP (data leakage prevention) and compliance monitoring can be moved to the SaaS delivery model.

Vontu, the DLP gateway specialist that Symantec purchased in November 2007 for $350 million, didn't have a SaaS offering under development, but Hausman believes that under Symantec's wing, the unit can create new capabilities by tying some of the on-premise capabilities of its technology with in-the-cloud services for message filtering and archiving.

Other opportunities for SaaS will emerge around anti-virus protection, security policy management, remote systems management and IT continuity protection, he said.