Do You Need an SDaaS? (Security Director as a Service)

Ever heard of Security Director as a Service (SDaas)?  It’s based on the SaaS concept.

Software as a Service is a business model.  It allows organizations to subscribe to a service that provides software hosted on remote sites. With the development of cloud computing, SaaS has become one of the technology industry’s fastest growing and most promising sectors.

And today, “as a Service “it is expanding beyond software. Some small to medium-sized organizations are now calling for a new type of “as a Service” to help them with their security. What they are looking for is SDaaS – Security Director as a Service.

The History of SaaS.

What may surprise you is that SaaS is not new. Back in the 1960s, when computers were big and very expensive, many organizations invested in “time-sharing” networks that would allow a minicomputer to be placed in their office location. This minicomputer was connected to a mainframe located somewhere else, often thousands of miles away, and operated by a primary software provider.

These office minicomputers were referred to as “dumb terminals” because all they did was connect to the giant mainframes. The subscription service provided the software application and stored the organization’s data. Initially they were connected using dedicated telephone lines, but eventually, early forms of what we now know as the Internet were introduced.

The types of information carried over early SaaS systems included:

  •   Payroll and accounting services
  •   Search engines for specific industries and professions, e.g., courts and attorneys
  •   Scientific data for particular sectors
  •   Military information
  •   Information for law enforcement organizations

However, by the 1980s, the growth of SaaS began to wither. The shrinking size and cost of business computers along with increased storage capacities and less costly software became the death knell for SaaS. More companies found they could afford to purchase their own mainframe computers and software. Relying on time-sharing systems was no longer needed.

While the SaaS business model suffered, a turnaround was in the works. By 2000, organizations returned to the SaaS model. Among the reasons were the following:

Data security problems. Hackers and cybersecurity became a growing problem, and organizations found protecting their in-house mainframes increasingly costly.

Operating system limitations. New software programs were introduced but often could run only on specific operating systems. Some organizations found that the mainframe computers they had invested in were quickly outdated. 

Software costs. While the cost of software decreased in the 1980s, more organizations found they had to update their software programs continually. This became costly for small and medium-sized companies.

Software scalability. Organizations with multiple offices discovered that the software programs they purchased for one location could not always be used in another due to licensing agreements. Purchasing the same program for multiple locations was a cost issue not only for smaller companies but large ones as well.

But Why SDaaS?

As we review why the SaaS business model rebounded, one common issue we see is cost. Organizations found it was much more cost-effective to subscribe to a service that provided the services they needed along with upgrades and enhancements all in one program.

The same is true today as organizations analyze their security programs. Organizations are coming to believe working with a professional security consulting firm that offers an SDaaS program could:

  •   Prove cost effective
  •   Fill gaps in their current security procedures and staffing
  •   Be flexible, offering short-term and long-term coverage
  •   Provide expert security advice when needed, as needed
  •   Be scalable so it can be used at multiple locations, not just one
  •   Meet regulatory requirements, such as OSHA’s General Duty Clause

The General Duty Clause is very broad and a concern for many organizations. It requires employers to protect employees’ health and safety from any serious hazard once they’re aware of it – or should have been aware of it – whether OSHA’s rules specifically address it or not.

SDaaS would save organizations money in one more way. It allows them to focus on what they do best and leave security and risk management to an outside professional at a fraction of the cost.

“This service has proven invaluable for small to midsize companies that can’t yet afford to have their own in-house security director,” said Johnathan Tal. “Unfortunately, not having someone in charge and responsible for physical security and risk often results in unintended liability and unexpected expenses.”


Oscar Villanueva is a Professional Certified Investigator, private investigator, and the Chief Operating Officer for TAL Global, an International Security Consulting and Risk Management.  He can be reached here.

© TAL Global, 2019