Renting or buying? Which is it better to protect your firm from cybersecurity threats?
Everyone needs antivirus and backup protection. But which is the better deal:
- Subscribe to (rent) a service month-to-month?
- Buy a software package or hardware device?
Those of us who were around at the start of the computer revolution fondly remember "the good old days." We bought a software packages outright. Yes, they were expensive. But no maintenance contracts. No subscriptions. Many ran for years, even on newer versions of MS Windows.
We bought a backup program and some floppies and backed up our important stuff (unless we forgot).
But technology became more complex. New MS Windows versions broke our software. Bugs were discovered. Viruses found holes in our products. The software vendors needed to be paid for their efforts in adapting to new Microsoft releases, eliminating bugs, and plugging security holes.
Soon we need to pay for software upgrades. Then maintenance contracts arrived. Now the rental model - subscription software or Software as a Service (SaaS) - is all the rage.
Your first reaction may be: "I don't want a subscription. Let me just buy the thing." Bear with me a moment. Let's consider the advantages of Software as a Service (SaaS) subscriptions.
Advantages of SaaS Subscriptions
Joshua Goldfarb has served in C-level security roles in multiple corporations and served as Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT). Goldfarb writes:
SaaS is a great model for security solutions. It encourages vendors to provide value on an ongoing basis in exchange for a subscription fee. It also encourages vendors to be adaptive, responsive, and flexible when it comes to customer needs. After all, without the lock-in of a traditional enterprise license, the buyer has a lot more say in getting the security solution that works for their organization.
From: Security Lessons Learned From Adopting a Pound Dog
What are the aspects of today's threats that give SaaS an edge over traditional products?
Consider the current scourge of ransomware. Yikes! It locks up our main drives and backup drives! It steals our files and threatens to expose them on the open internet.
Glance at the technology sections of daily news and you'll see reports of malicious hackers breaching the defenses of companies large and small. A flood of counterfeit phishing emails seeps into our inboxes.
In countering these assaults, software as a Service (SaaS) beats traditional software on several counts:
- As new threats emerge, SaaS can counter them immediately, updating defenses in the cloud that protect our earth-bound computers and networks.
- No hassles updating software. Do you ever get tired of Windows Updates? With SaaS, updates can happen automatically and silently, not disrupting your work or requiring you to lift a finger.
- Quality control is essential for SaaS. If it has a bug, every subscriber has the bug. The vendor can fix it in one place and it applies immediately to everyone. No painful, slow, manual roll out and update steps are required.
Of course, SaaS isn't a panacea. Its quality is only as good as the people who create and maintain it. If a SaaS company doesn't maintain stringent security standards, all of us subscribers are at risk.
Still, professionally managed SaaS companies stand a better chance of countering cyberthreats to their services than we do in our small firms. Typically we don't have the levels and layers of protection that SaaS companies do. They can afford security operations centers (SOCs) with watchful eyes working 24/7/365.
So the next time you balk at the idea of paying for another subscription, look at it from a different perspective. There is a professional team behind that SaaS service looking out for you and thousands of other customers.