The “X” in “XaaS” is tantalizingly broad. It stands in for “anything.” Yet for many organizations, the definition of “the cloud” still revolves around three primary use cases: of Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS).
By broadening your cloud horizons, you can create leaner, more adaptable IT operations, especially on the security and risk management front. Here are three underutilized Anything as a Service offerings you might be missing out on.
Security as a Service
Typically, organizations have had to make a sort of trade-off when moving from on-premises software suites to cloud software solutions. While they are able to take advantage of subscription pricing models and automated updates through SaaS, they usually also have to give up some of their control over how to secure the solution. For example, the cloud versions of popular software programs sometimes make it impossible to implement data loss prevention tools or track users’ behavior the way on-premises versions can.
Cloud access security brokers solve this problem, essentially acting as a Security as a Service solution. These tools offer security teams the ability to perform discovery, layer on compliance standards, add DLP and implement user and entity behavior analytics. Organizations can integrate CASBs with their SaaS investments either through network traffic reroutes or through application programming interfaces.
Anti-Malware as a Service
These cloud tools can monitor an organization’s applications against their “intended state,” allowing them to detect and automate responses to apparent attacks that attempt to manipulate the applications and cause them to run in unusual ways. This includes the attack types that have caused organizations the greatest challenges in recent years, including ransomware and distributed denial of service attacks.
The proactive nature of Anti-Malware as a Service tools prevents scenarios where security teams need to “chase” threats throughout their environments. Also, these solutions are isolated from the attack surface, meaning that they can’t easily be disabled by adversaries (who may be able to disable traditional endpoint protection agents).
Disaster Recovery as a Service
Historically, organizations have had to go to great lengths to field effective disaster recovery capabilities — not only creating run books and testing failover procedures, but also setting up replica data centers miles away from their primary sites. Now that organizations have other options, this is a wildly inefficient approach.
I compare the scenario to owning a home: Even though you obviously need a place to live, you probably don’t maintain a whole separate residence (complete with a mowed lawn, full fridge and cable service) just in case something happens to your primary residence. Instead, you just buy homeowner’s insurance.
Disaster Recovery as a Service is a bit like homeowner’s insurance. DRaaS gives organizations the ability to replicate their data in the cloud, along with the ability to fail over (and, importantly, bring back) their entire production environment, should the need arise. While the concept has caught on in the corporate world, implementation is still lagging.
This is partly because many organizations have made capital investments in DR infrastructure, with different components all aging out at different times. In other words, there’s never a singular compelling event pushing most organizations toward DRaaS. For these organizations, I suggest bringing in a partner to help build a DR strategy that will serve the business and eventually lead to a full DRaaS solution.