http://venturebeat.disqus.com/News about Tech, Business and InnovationenFri, 12 Nov 2010 02:08:32 -0000http://venturebeat.com/2007/10/16/saasy-security-suits-smb/#comment-96457694<p>A Salesforce for security. It makes some sense, though it seems more likely that the market will decline in proportion to the growth of online application/productivity services. If you are an SMB and will entrust your precious sales pipeline data to an online provider, you will also increasingly see online email, office apps and even legal discovery/medical office/MLS/etc. as viable and with less integration, setup and maintenance costs than enterprise equivalents.</p><p>Under those circumstances, security is part of the service guarantee. </p>Gap servicesFri, 12 Nov 2010 02:08:32 -0000http://venturebeat.com/2007/10/16/saasy-security-suits-smb/#comment-83458648<p>Very true. The security consulting industry is very hot at this time and I personally feel that a company that can deliver best of breed solutions in every segment and act as one-stop-shop will be the ones who will be smiling. Now my take would be that these security solution “deliverers” may not be selling their own product, they may be VARs which would also provide integration/consulting services and act as “trusted partners” in the security domain for the clients.</p><p>This model where a security consulting company will manage an entire security project life cycle will be able to churn out margins from security product vendors (after gaining critical mass), and also will be tapping a huge potential in the “Trusted Security Advisor” role. However, to act as trusted advisors to SMBs with little to no dedicated security staff, they will have to be a part of each phase of a project starting from ‘roadmap development’, product bake-offs, product selection, installation, policy designs, integration and finally support.</p><p>A company that provides expertise in all the above phases of security industry while maintaining the role of ‘Trusted Advisors’ will eventually win in this industry.</p>nickSun, 03 Oct 2010 09:58:14 -0000http://venturebeat.com/2007/10/16/saasy-security-suits-smb/#comment-14679091<p>David and Blair,</p><p>You both make very good points. I think a key issue which applies to SMBs is realization of the security they actually need. Blair, you suggest that SMBs are satisfied by "checking" the box for audits, compliance, etc... as an individual intimately associated with an SMB, I know that this is purely out of ignorance. If I don't know/understand the threats that exist, I am going to stick with the cehckboxes, and keep my head in the sand hoping that is enough to keep me safe... especially if I'm on an SMB budget.</p><p>David, I think the solution to this for a company which offers a suite of SaaS solutions like Perimeter is two-fold:</p><p>(1) (self-) assessment - provide the SMBs with tools to understand what threats are out there.. and what is vital to their operations.. maybe even a self-assesment on the website... with a customized product offering at the end of the tutorial...</p><p>(2) customization... offering SMBs the ability create their own soutions.. so they dont have to buy into big packages for their limited VARs (sounds like this is already in your game plan for Perimeter)</p><p>It's likely that I am way behind your biz dev plans on this (if so, just disregard), but thought I would throw out some ideas.</p><p>- Jory</p>Jory CaulkinsThu, 25 Oct 2007 15:53:59 -0000http://venturebeat.com/2007/10/16/saasy-security-suits-smb/#comment-14679090<p>David – great article, and its about time that Security-as-a-Service gets more headlines and discussion...</p><p>Your posting really struck a chord with me; I have also made an investment in the “SaaS security for SMB’s” space, with a Texas-based company called Alert Logic, and for slightly different (but related) reasons than you describe.</p><p>Yes, SMBs are indeed struggling to deploy and manage an adequate security infrastructure to properly protect themselves. But in our experience they're struggling even more to comply with regulations like PCI-DSS that require the use of advanced security technologies (like IDS, VA and log management) that are beyond the reach of ordinary SMBs because of cost and/or complexity. The funny thing is, many of these smaller companies aren't necessarily experiencing security incidents and don’t feel compelled to deploy more security technology, they’re primarily deploying the technology to meet the minimum requirements of the regulation and to satisfy the auditors (i.e., checkbox compliance”). Better security is definitely a benefit, but it's not the primary goal, and they don’t need best-of-breed capabilities, but something easy and affordable.</p><p>Your prediction that the company with the best soup-to-nuts security “utility mashup” will win the day is interesting – but we've placed our bet on a company who is producing (IMHO) the best combination of ease-of-ownership, affordability, and check-box compliance.</p>Blair GarrouTue, 23 Oct 2007 10:50:04 -0000