Security by subscription

As malware threats and regulatory compliance demands continue to grow more complex, IT will become increasingly dependent on SaaS (software as a service) offerings that let them respond to problems faster while also saving money, according to top executives at the world's largest anti-malware vendors.

In addition to continued adoption of managed security services delivered on- and off-site by professional consultants, IT customers will be able to resolve some of the problems they have with existing IT systems defense and compliance automation tools by shifting away from on-premise technologies in favor of adopting more hosted applications, vendor executives contend.

While security technologies such as end-point protection suites and IDS (intrusion detection systems) will likely always require the use of software agents that reside on customers' devices and network infrastructure, vendor executives claim that a range of technologies, including exploit-prevention tools and compliance-monitoring filters, will gradually move to the SaaS model.

As a result, providers such as McAfee, Symantec, and Trend Micro, among others, are already ramping up their SaaS portfolios to adapt to the shift.

"We believe that [SaaS] is the wave of future, and we already deal with the issue of updating tens of millions of machines remotely multiple times per day in multiple geographies. It's one of most complex things to do in all of technology, and one of the most impressive assets that I think we have," said David DeWalt, CEO of McAfee.

"IT budgets are not growing, but the threats and regulatory demands are, and customers are finding themselves thin on resources. SaaS will be a great way for businesses to save on infrastructure and maintenance costs while improving protection," said Jeff Hausman, Symantec's senior director of product management. "There's no question that the hosted model is growing dramatically."

McAfee expects a SaaS transition over time

Building on the infrastructure that vendors such as McAfee have already established to distribute anti-malware signatures and other product updates to their customers, the companies will add new SaaS offerings incrementally as customers warm up to the ideal.

The security software providers themselves must also figure out the appropriate mix of on- and off-site tools, as well as refine pricing policies for the services over the next few years, CEO DeWalt said.

However, DeWalt recognized that the process of designing and delivering SaaS products -- and selling customers on their benefits -- won't be achieved overnight. "It's a very complicated technology project, sometimes not even related to development of our own technology, but based on the IT infrastructure needed to deliver SaaS as effectively," he said. "We've learned a lot through our experiences building [anti-malware] products for the consumer and small-business markets, and we'll use those lessons to move into the SaaS business over time."

As part of its move into SaaS, McAfee announced the acquisition of ScanAlert, a provider of hosted e-commerce Web site security services, for $51 million in October 2007. The company will consider additional deals in the area if there are targets that can aid in its development of the business, DeWalt said.