Sophos targets mid-market with security-as-a-service offering
By Gabey Goh February 13, 2014
- Sophos Cloud security-as-a-service offering rolled out in SEA in January
- Allows SMEs especially to beef up security against today's targeted attacks
IT is clear that hackers are becoming increasingly sophisticated in their attacks, shifting toward more targeted approaches aimed at getting specific information.
In an interview with Digital News Asia (DNA), Sophos' Asean director of sales Sumit Bansal said that hackers are not just being a nuisance anymore and are after specific information or targets, usually financial data or corporate information that they can sell to competitors.
“They’ve become very sophisticated and are using some of the known technologies, like botnets and malware, in trying to obtain that information.
“You also see that information about security breaches in the press, with companies like Target and Sony being hacked or government websites being attacked to make a statement,” he said.
With more sophisticated attacks becoming the norm, enterprises are increasingly looking to beef up security measures.
According to research firm Gartner, the worldwide security technology and services market is expected to grow to more than US$86 billion by 2016 as companies continue to expand the technologies they use to protect critical data.
Research firm IDC reported that the Asia Pacific (excluding Japan) IT security products (software and hardware) market had revenues of US$3.6 billion in 2012, up from US$3.2 billion in 2011.
"We anticipate that the overall market will increase to US$6.2 billion in 2017, representing a compound annual growth rate (CAGR) of 11.4%. The security appliance market [is expectred] to grow at a CAGR of 11.8% and the security software market is expected to grow at a CAGR of 11.1% through 2017," Naveen Hegde, research manager, Asia Pacific Infrastructure Software at IDC, said in a report issued by the firm.
“Many organisations continue to prioritise security within their overall IT budget. With advanced targeted threats and the issue of securing the end-user a growing concern, these discussions underscore the urgency of the challenges the convergence of mobility, social and cloud services are presenting to the current security environment. Compliance is also another key driver in the security market,” he added.
In an interview with ComputerWeekly, Ruggero Contu, research director at Gartner, said consistent increases in the complexity and volume of targeted attacks, coupled with compliance-related issues, continue to support security market growth.
Analysts have also noted that mobile security, big data and advanced targeted attacks are the main forces shaping the security technology market. In addition, changes in how security addresses employee-owned consumer devices in the enterprise creates opportunities for technology service providers.
But while large enterprises are increasingly paying more attention and pouring more money into cyber-security, not all companies have the resources to do the same, and this is especially true for small and medium enterprises (SMEs).
In a bid to address the pain points and needs of the mid-market segment, last November Sophos announced a strategy to deliver cloud-managed security solutions that it said would appeal to organisations seeking a simpler approach to IT security.
The launch of Sophos Cloud is the first step in the IT security and data protection company’s strategy of cloud-enabling its entire portfolio, although it said it would continue to innovate and extend its on-premise portfolio, giving IT professionals choice in how to best manage security in their environment.
Making security accessible via the cloud
January marked the official launch of the Sophos Cloud Security-as-a-Service offering in South-East Asia, after it was first rolled out in the United States and Europe.
“We’re trying to bring all we do onto the cloud, enabling companies that have limited IT personnel with simple solutions for their security needs,” said Sumit (pic), who was in Kuala Lumpur recently for an industry seminar introducing the new offering to customers and partners.
Sumit said that South-East Asia is the perfect region and market for a security SaaS (Software-as-a-Service) offering, claiming that customers briefed on Sophos Cloud are really excited about having the option to outsource their endpoint security to a trusted brand such as Sophos.
“Our long-time enterprise customers, which are happy with our enterprise products, are excited with a more cost-effective option to move to the cloud. It’s easy to trial products and see how they compare. Our partners as well have been really excited about it, as they can manage it on behalf of customers as it supports multi-tenanted accounts,” he added.
With the management console hosted on Sophos Cloud, there is no server setup and service can be deployed instantly, providing complete security coverage everywhere, the company claimed. It is intended to deliver all the essential endpoint protection a company needs, without any of the complexity traditionally associated with security management.
“A cloud-based service means customers don’t have to invest in servers or management consoles. We have designed it to be easy to deploy security policies to end-users, to manage and deliver everything through the cloud.
“Companies that want to try it out can go online, sign up using a credit card, and start using the service immediately. We’re also very focused on our channel partner ecosystem and will be working with our partners to make the shift to cloud happen with support,” said Sumit.
He added that the service is ideal for the mid-market segment, where companies with 200 to 2500 employees will find the service, which is priced on a monthly billing cycle, “fair and cost effective.”
“In most mid-market companies, the problem is that there is usually only one IT person managing everything, which is why automating a lot of the processes involved is a core focus for us,” he said.
Sumit said that users also cannot be expected to protect themselves by just manually applying security measures or updates. The rapid pace of change in the security space means that more and more companies will need to rely on a solution that is mostly automated and constantly updated.
“With Sophos Cloud, we currently offer a light code agent for endpoint security, anti-malware tools, network protection and device control capabilities. A key feature is the capability to set user-based management, allowed IT to create different policy groups for different departments, from finance to sales and human resources.
“Our approach is to simplify the security process, and make it an automated process for people in terms of upgrades and protection. It is also to offer IT with limited maintenance resources, better visibility into their networks and the ability to identify those who are not complying with security policies,” he added.
Sumit said that over this calendar year; Sophos will be adding more features to the cloud product until it is on par with its traditional end-point product.
“Right now, some features are not included yet but our roadmap is gearing towards that. Our overall roadmap for our cloud security offering is to first merge our end-point solution with our mobile device solution, followed by the addition of encryption technology into it which is already available in our non-cloud offerings,” he said.
The company also hopes to eventually merge its cloud-based network security console into the Sophos Cloud portfolio.
“The target is to offer by the end of 2014 a complete cloud console for end-to-end security teams. We don’t want to kid ourselves thinking we can do it all at once and are instead doing it in stages. We’re quite excited about the journey and already seeing a steep uptake in markets we’ve launch Sophos Cloud in,” Sumit claimed.
Given the growing concerns over data sovereignty and privacy, when asked where the data resides, Sumit said that Sophos current offers its customers a choice between Europe and the United States during the setup phase.
“I believe that if we can satisfy the privacy concerns of the European Union, we can also do so for Asia. It’s not a certainty at this point but if there is a good uptake in the region, we could see another data centre being based out of Singapore or [elsewhere in] this region to cater to customers,” he added.
Pricing for Sophos Cloud starts at under US$30 per user per year for a 100-user company. For more information, click here.