The SaaS delivery model supports these objectives by providing capabilities that can be rapidly deployed and retracted based on fast-changing needs. In the context of physical security, SaaS applications allow CSOs to provision new security capabilities without investing in the technology and human resources required to support the service. Also, since the SaaS model is built around ever-improving technology supported by monthly fees, CSOs can ensure access to the latest features without worrying about upgrade patches and hardware limitations.
Corporate governance, risk management and compliance with policies and regulations are in sharp focus for most organizations. It's not enough to express intent to follow regulations and policies, organizations must measure and transparently report on how completely they are complying.
In the context of physical security, compliance failures can result in data breeches, exposure to financial losses, denial of service attacks, and bodily injury to employees and visitors. The use of traditional physical security client/server architecture exposes company assets and personal information to constant threats. A typical corporate installation may include dozens of PCs, each with access to security controls and sensitive personal information.
SaaS architecture greatly simplifies enforcement of compliance polices and audits by providing centralized capabilities to establish standards as well as tools to track and report on compliance. Since a SaaS solution database is centralized, the cost for performing compliance audits is significantly reduced. Many SaaS providers provide evidence of internal controls certified by independent auditors, eliminating the need for a subscriber to incur these costs.
The survival of every organization hinges on its ability to deliver value to its customers. Referring back to the power example, what would it cost each of us to install and maintain a personal power plant? While it seems obvious that a personal power plant doesn't make sense, most physical security applications are delivered in this way. Software and hardware are purchased with sufficient capacity to handle present and some future needs. The equipment is installed, powered and maintained with internal resources. Often, excess resources exist in the host computers and within each machine that is operating the client software. When you add up the total cost of ownership, you will likely be very surprised.
The SaaS-based Security as a Service model provides an excellent alternative to the traditional options, thus allowing organizations to focus on their core business. SaaS delivers outstanding economic value for the following reasons:
- All users share and benefit from a common computing infrastructure.
- The cost model is scalable with users only paying for what they actually consume.
- Consumers of an application are free of all "back-end" management and maintenance expenses.
- Up-front capital expenditures are replaced with flat, subscription-based operational expenses.
Beyond the excessive capital outlays for traditional options, recent studies have established that the largest portion of application and server ownership costs actually exist in ongoing operational expenses, maintenance and support agreements. This is particularly true of computer systems that provide infrastructure services like security, because they must be held to a higher standard of availability and performance than ordinary office equipment.
In the case of physical security for a typical branch office or managed property scenario, the SaaS model for security management offers significant operational and financial savings due to both upfront cost reductions and the economies of scale of hosted application services.
It's not enough to ask how much back-up protection exists, but also how fast can we resume operations if everything goes wrong? Organizations routinely spend hundreds of thousands of dollars on hotstandby computers, back-up power sources and disaster recovery locations for their physical security platforms. These measures are not only expensive; they often rely on internal computer networks that are likely to be challenged by any form of massive disaster. While security is certainly a high priority, if an organization's core revenue generating capabilities are down, what will be addressed first?