Optimize Security Services in the Cloud
Home
eMarketing
eSecurity
Mobile Comm
Global e-Business
News & Insights
Contact Us

Articles

Security breach at Target part 2
FIDO Alliance Seminar
Security Breach at Target
Myth on Web Service Security
End-to-End Security for Cloud Computing
Optimize Security Services in the Cloud
Data at Rest, Data at Risk
Data Security Best Practices
DOD Common Criteria
Need for Information Security Professionals
Protect Social Security Info
Virtual VPN Gateway
Don't Hack the Ox!
6 eSecurity Pitalls
Data Security at Risk
CCNA Certification
NAC Forum
eSecurity Market
eSecurity Philosophy
PC Security
eSecurity Facts
Encryption Tool
Checking Security
Identity Theft
Home PC Security
eSecurity Training
Security Software
eSecurity & You
Web Security
Browser Security
Spyware & Viruses
448 Bit Encryption
Vital PC Security
Spyware Security
What's PC Security
Optimize eSecurity
Delete Cookies
Basic SB Security
eSecurity 101
Email Security

Optimize Security Services in the Cloud
By: Judy Silk, eSecurity Editor, Internet Journal
12/20/2013

As the Software-as-a-Service (SaaS) getting widely deploys into the cloud computing environment, more and more security vendors are providing security technologies as a service. In this multiple offers of Security-Software-as-a-Service marketplace, how to select the best security service becomes a big challenge.

Security Software as a Service

Although Security-Software-as-a-Service (SSaaS) likes a new terminology to many people, it is not an innovation. In fact, security services are just a special kind of software services that exist in the current marketplace for a while. The following are some examples of security services:

  • Application Vulnerability Scanning Service
  • Identity Management Service
  • Security Token Service
  • Non-repudiation and Notary Service
  • Web Penetration Testing Service
  • Web filtering Service

Many of above security technologies require special techniques and security professionals to handle the service. Their data, scripts, signature files, and defense logic require dynamic update. It is better to provide those security technologies as a service, instead of software product for enterprise's IT security infrastructure. 

Enterprises large and small are really starting to pay attention to the difference between physical infrastructure and software services in the cloud computing environment. Therefore, these security technologies delivered via the Security-Software-as-a-Service business model is getting more and more popular.

Multiple Offers of SSaaS

Deploying the cloud computing into the production environment, many enterprises are already piecing together multiple offerings to outsource a significant portion of their IT systems defense infrastructure, by using this Security-Software-as-a-Service model.

For a given security service there may a number of potential suppliers. From the business point of view, it remains extremely difficult to find the best security service in the cloud when there are multiple alternatives of SSaaS can be selected from.

When there are multiple offers from different services providers that can provide same kind of security service, the business decision maker should take the advantage on this multiple offers situation, and make the best selection to match its business objective. 

Looking for the Best SSaaS

The enterprises are looking for how to select security service that is the most cost-effective, high-performance and best quality one. They also want the most secure service that has low security risks. On the other hand, it cannot impact the network performance for their business transaction, and the cost should be reasonable.

In the cloud computing environment, the enterprise wants to develop effective business processes and improve the performance and agility of those SaaS solutions. This requirement will be the same in selecting the Security-Software-as-a-Service solution. In other words, the enterprise is looking for faster, better, and cheaper SSaaS solution to match its business goal.

When there are many security providers who can provide SSaaS in the cloud computing environment, the questions are:

  • How to select the best one that meets the business objective of the enterprise?
  • How to get maximize the business value out of the security services?

Using internet search engine, such as Google or Bing, will not help in selecting the best security service from the cloud. The keywords base search engine will not be able to tell which security service is cheaper, faster and better than other services.

In contrast, End-to-end Resources Planning (EERP) technology will help in selecting the best security service from the cloud.

What is EERP?

EERP is an OASIS emergent standard that is provided by OASIS Service-Oriented Architecture End-to-End Resource Planning Technical Committee (SOA-EERP TC), see http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=soa-eerp which is a technology that optimizes deployment of services onto a SOA description of an application.

The focus in EERP is on the characterization of the business characteristics of a service, called Business Quality of Service (bQoS), characterization and accessing the reputation of potential service providers, and Business Service-Level Agreements (SLA).

EERP optimizes deployment of services onto a description of an application. Describing the required information—business characteristics of a service, the reputation of potential service providers, and business service-level agreements—enables analysis and optimization of business results in the space of possible service deployments.

For Security-Software-as-a-Service, EERP will provide additional information for business optimization, including the bQoS of the security service, business rating of the security service and business service level agreement.

Enable the Optimization of Security Services

In the EERP world, "optimization" is defined as maximizing business value by enabling improved real-life e-Business process and resource planning. Optimization can take place at both design time and run time. For the SSaaS, the optimization means to maximize the business value for the security services.  

Enabling technology defined by the SOA-EERP  TC include definition of the framework for representing business service characteristics (how to represent cost, time, and cost), a means to describe the reputation of the service providers to solicit and report information, and a means to describe what we call business service-level agreement.

Services are performed by people, machines, and hardware/software applications, and represented by SOA services. The qualities of a business service are expressed by means of the Business Quality of Service (bQoS) specification. The nature of bQoS varies across industries and services.

Businesses improve their business processes in order to reduce cost, improve efficiency, and otherwise improve business results.  For the security services, in addition to reduce cost and improve efficiency, most important it will increase the security and reduce the security risk. 

Not Security Only Solution

There EERP specifications now are under public review. They are EERP Business Quality of Service, EERP Business Raring, and EERP Business Service Level Agreement specifications. See http://xml.coverpages.org/newsletter/news2010-02-01.html#cite1 for more details. 

These specifications are not only applied to the security services, but also can be applied to other areas. For example, bQoS might be used for describing the characteristics of energy or goods bought and sold, and the characteristics of services such as medical, shipping, and more. The reputation of a trading or business partner is useful in many contexts.

Moreover, it can be applied to multiple services, and find the optimal solution end-to-end, including the security service. This will get the best solution out of multiple alternatives that can match the business goal – get the faster, cheaper and better and yet more secure service chain in the could computing environment.  

About The Author
Judy Silk is the e-Security Editor of the of the
Internet Journal. http://www.intnetjournal.com. Internet Journal provides the insights and analysis on Internet marketing, eCommerce, mobile communications, eSecurity, and global e-Business. If you have any comments about Internet Journal, please send email to editor@intnetjournal.com.  

 

[Home] [eMarketing] [eSecurity] [Mobile Comm] [Global e-Business] [News & Insights] [Contact Us]

eMarketing