June 29, 2022

   The Security as a Service system

The Security as a Service systemThe security of software services accessible over the Internet has always been the most important crosscutting non-functional requirement. The recent advent of the cloud computing paradigm and its wide spread have created a new challenge for the security of the existing cloud service and opened the way for a new concept by adequately explaining the problems related to the delivery model and usage pattern of the existing cloud service. Security-as-a-Service (SecaaS), i.e. the ability to develop reusable software services that can be configured as standard cloud services to provide appropriate security features. In this context, there is a strong need for assessment techniques as well as methods and tools for modelling security problems. actual realization. This paper proposes a meta-model to support modelling of security services in cloud computing environments and an approach to guide the identification and integration of security services within a standard cloud delivery model. Proposals are exemplified by case studies.

  • Applications and underlying infrastructure are abstracted and provided through service interfaces.
  • Standardized network access by any device
  • The scalability and flexibility of the underlying infrastructure
  • Shared and multi-tenant resources
  • On-demand self-service provisioning and near real-time deployment
  • Flexible, granular pricing with no upfront commitments.

Based on KARK ’s market-oriented classification of outsourced security services and adaptations of SENK and HOLZAPFEL , we classify SECaaS systems . This taxonomy was recently validated by a survey of existing SECaaS offerings. According to that survey, the majority of existing SECaaS offerings include an Endpoint Security or Content Security application. The author further addresses the insufficient compliance of existing systems with cloud and SaaS design principles. In particular, inflexible pricing models often limit the potential value of traditional SECaaS systems. The granularity of SECaaS offerings can range from granular basic services that address very specific security requirements (such as biometric user authentication) to coarse-grained solutions that cover a broad set of security features.