Overview

Businesses of all sizes need to protect their assets, but they also need to be profitable to stay in business. The challenges of many businesses is to implement robust security practices while keeping investment and operational cost contained. “Security as a Service”and “Security Platform as a Service”offers a way for businesses to access security services that are robust, scalable and cost effective.

SecaaS and SecPaaS can be described as outsourcing security management to a third party. Before the cloud era, a conventional company would host their own infrastructure at a physical location. That company would then allocate further expenses to secure their IT assets. These security expenses could vary from implementing network security appliances (e.g. IDS/IPS appliance, Firewall appliance) to hiring experts who evaluate security operations and procedures. When a company moves their IT services from their own internal network to the cloud (to a cloud provider, such as AmazonWS), the company can cut down the physical maintenance and data security expenses to the cloud provider. This allows the company to focus on their business, concentrating on what they do best and leaving IT security to cloud experts.

What is the difference between SecaaS and SecPaaS?

Security as a Service (SecaaS) provides information security services from our cloud.

Whereas, Security Platform as a Service (SecPaaS), offers you a platform to deploy servers in our secured environment.

This choice between these two model lies within the business requirements of the customer.

If the customer has its own IT infrastructure, within which the majority of operations for processing business-relevant data are performed, and for the customer the principal need is to prohibit or significantly restrict the release of protected data outside the organization's territory, the only form of providing Information Security services will be the “Security as a Service (SecaaS)”model.

The main difference between these models can be formulated as follows: Security as a Service (SecaaS) provides information security services from our cloud. Whereas, Security Platform as a Service (SecPaaS), offers you a platform to deploy servers in our secured environment. This choice between these two model lies within the business requirements of the customer. If the customer has its own IT infrastructure, within which the majority of operations for processing business-relevant data are performed, and for the customer the principal need is to prohibit or significantly restrict the release of protected data outside the organization's territory, the only form of providing Information Security services will be the “Security as a Service (SecaaS)”model. For organizations whose business requires the need to access significant data from outside its organization’s territory, it is advisable to use Security Platform as a Service (SecPaaS). SecPaaS is a secure platform model in which business applications and customer databases are located in our special secured cloud segment, where all requirements for Protection of information are provided.

The scope of the information security risks of every business without SecaaS or SecPaaS includes the following:

  • Personal: Human resources security
  • Processes: Business risk, Security policies & Compliance
  • Businessdata: Information transfer an Cryptographic controls
  • Applications: Control of operational software & Access Management
  • Runtime: Health check & Incident management
  • Middleware: Security services (SIEM, IDM, IRM, etc.)
  • OS: Configuration control, Logging & Monitoring
  • Virtualization: Resource optimization & reusability
  • Servers: Redundancies & Reliability
  • Storage: Media handling & Backup
  • Networking: Network security (FW, IPS, VPN, etc.)
  • Engineering: Development environment Security
  • Location: Physical security

The level of information security risk coverage for “SecaaS”and “SecPaaS”models can be laid out as follows:

Covered:

Runtime: Health check & Incident management
Middleware: Security services (SIEM, IDM, IRM, etc.)
Virtualization: Resource optimization & reusability
Storage: Media handling & Backup
Engineering: Development environment Security
Location: Physical security

Not Covered:

Personal: Human resources security
Processes: Business risk, Security policies & Compliance
Businessdata: Information transfer an Cryptographic controls
Applications: Control of operational software & Access Management
OS: Configuration control, Logging & Monitoring
Servers: Redundancies & Reliability
Networking: Network security (FW, IPS, VPN, etc.)

Covered:

+ OS: Configuration control, Logging & Monitoring
+ Servers: Redundancies & Reliability
+ Networking: Network security (FW, IPS, VPN, etc.)
Runtime: Health check & Incident management
Middleware: Security services (SIEM, IDM, IRM, etc.)
Virtualization: Resource optimization & reusability
Storage: Media handling & Backup
Engineering: Development environment Security
Location: Physical security

Not Covered:

Personal: Human resources security
Processes: Business risk, Security policies & Compliance
Businessdata: Information transfer an Cryptographic controls
Applications: Control of operational software & Access Management

Under these two models Customers can, at any time, strengthen the level of security of their data with a single click, simply by going to a higher level of information security services.

Inquiries & Subscription

If you have any technical inquiries or need assistance about our SecaaS or SecPassS please contact the Technical Assistance Center.