Silver Linings

Security as a Service (SecaaS)

SecaaS is by far the most popular working group of the CSA for the simple reason that this is where most of the money will be. Security as a service has some potentially huge benefits: Large providers can hire expertise that smaller businesses simply cannot afford, run 24/7 operations, and ideally do things cheaper than you can. The accounting people are also excited. Anytime capital expenditures, like buying servers and firewalls, can be traded for operational expenditures, chances are they'll jump at it. The tax benefits are often worth it, and it makes the shareholders happy, assuming you get the same level of service, which is where the problem often lies.

Giving Users a Voice

One problem with standards is that the people with a vested interest (such as vendors) tend to be the most vocal and active because they stand to make a lot of money. The majority of users will typically not make a huge effort to be heard, resulting in standards that are vendor driven and sometimes quite useless. One aspect of the CSA is organizing users and giving them a voice. At last count, the LinkedIn group had almost 18,000 users. Through polls (e.g., the SecaaS Categories of Security Services) and by simply allowing users to raise issues, on hopes the concerns of all will be addressed.