Optimize Security Services in the Cloud
By: Judy Silk, eSecurity Editor, Internet Journal
As Software-as-a-Service (SaaS) is widely deployed in the cloud computing environment, more and more security vendors are providing security technologies as a service. In a Security-Software-as-a-Service marketplace with multiple offers, selecting the best security service becomes a big challenge.
Security Software as a Service
Although Security-Software-as-a-Service (SSaaS) sounds like new terminology to many people, it is not an innovation.
In fact, security services are just a special kind of software service that has existed in the marketplace for a while. The following are some examples of security services:
- Application Vulnerability Scanning Service
- Identity Management Service
- Security Token Service
- Non-repudiation and Notary Service
- Web Penetration Testing Service
- Web Filtering Service
Many of the above security technologies require special techniques and security professionals to handle the service. Their data, scripts, signature files, and defense logic require dynamic updates. It is better to provide those security technologies as a service, instead of as a software product for the enterprise's IT security infrastructure.
Enterprises large and small are really starting to pay attention to the difference between physical infrastructure and software services in the cloud computing environment. Therefore, security technologies delivered via the Security-Software-as-a-Service business model are getting more and more popular.
Multiple Offers of SSaaS
As they deploy cloud computing into the production environment, many enterprises are already piecing together multiple offerings to outsource a significant portion of their IT systems defense infrastructure by using this Security-Software-as-a-Service model.
For a given security service there may be a number of potential suppliers. From the business point of view, it remains extremely difficult to find the best security service in the cloud when there are multiple SSaaS alternatives to select from.
When there are multiple offers from different service providers that can provide the same kind of security service, the business decision maker should take advantage of this multiple-offer situation and make the best selection to match its business
Looking for the Best SSaaS
Enterprises are looking for how to select the security service that is the most cost-effective, highest-performing and best in quality. They also want the most secure service, one that has low security risks. On the other hand, it cannot impact the network performance of their business transactions, and the cost should be reasonable.
In the cloud computing environment,
the enterprise wants to develop effective business processes and improve the performance and agility of those SaaS solutions. This requirement will be the same in selecting the Security-Software-as-a-Service solution.
In other words, the enterprise is looking for a faster, better, and cheaper SSaaS solution to match its business goal.
When there are many security providers who can provide SSaaS in the cloud computing environment, the questions are:
- How to select the best one that meets the business objective of the enterprise?
- How to maximize the business value obtained from the security services?
Using an internet search engine, such as Google or Bing, will not help in selecting the best security service from the cloud. A keyword-based search engine will not be able to tell which security service is cheaper, faster and better than other services.
In contrast, End-to-end Resources Planning (EERP) technology will help in selecting the best security service from the cloud.
What is EERP?
EERP is an emerging OASIS standard provided by the OASIS Service-Oriented Architecture End-to-End Resource Planning Technical Committee (SOA-EERP TC); see http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=soa-eerp. It is a technology that optimizes deployment of services onto a SOA description of an application.
The focus in EERP is on the characterization of the
business characteristics of a service, called Business Quality of Service (bQoS), characterization and accessing the reputation of potential service providers, and Business Service-Level Agreements (SLA).
EERP optimizes deployment of services onto a description of an application. Describing the required information—business characteristics of a service, the reputation of potential service providers, and business
service-level agreements—enables analysis and optimization of business results in the space of possible service deployments.
For Security-Software-as-a-Service, EERP will provide additional information for business
optimization, including the bQoS of the security service, business rating of the security service and business service level agreement.
Enable the Optimization of Security Services
In the EERP world, "optimization" is defined as maximizing business value by enabling improved real-life e-Business process and resource planning. Optimization can take place at both design time and run time. For SSaaS, optimization means maximizing the business value of the security services.
Enabling technologies defined by the SOA-EERP TC include a definition of the framework for representing business service characteristics (how to represent cost, time, and cost), a means to describe the reputation of the service providers to solicit and report information, and a means to describe what we call a business service-level agreement.
Services are performed by people, machines, and hardware/software applications, and represented by SOA services. The qualities of a business service are expressed by means of the
Business Quality of Service (bQoS) specification. The nature of bQoS varies across industries and services.
Businesses improve their business processes in order to reduce cost, improve efficiency, and otherwise improve business results. For security services, in addition to reducing cost and improving efficiency, most importantly it will increase security and reduce security risk.
Not Security Only Solution
Three EERP specifications are now under public review. They are the EERP Business Quality of Service, EERP Business Rating, and EERP Business Service Level Agreement specifications. See http://xml.coverpages.org/newsletter/news2010-02-01.html#cite1 for more details.
These specifications apply not only to security services but can also be applied to other areas. For example, bQoS might be used for describing the characteristics of energy or goods bought and sold, and the characteristics of services such as medical, shipping, and more. The reputation of a trading or business partner is useful in
Moreover, it can be applied to multiple services to find the optimal solution end-to-end, including the security service. This will get the best solution out of multiple alternatives that can match the business goal: a faster, cheaper, better and yet more secure service chain in the cloud computing environment.
About The Author
Judy Silk is the e-Security Editor of the Internet Journal, http://www.intnetjournal.com. Internet Journal provides insights and analysis on Internet marketing, eCommerce, mobile communications, eSecurity, and global e-Business. If you have any comments about Internet Journal, please send email to email@example.com.