Q&A: Software-as-a-Service and Threat Management
by HNS Staff - Monday, 7 July 2008.
Misha Govshteyn is the CTO and responsible for security strategy, security research and operations at Alert Logic. In this interview he discusses Software-as-a-Service (SaaS), log management, compliance, threat management and more.

Why is the Software-as-a-Service (SaaS) model a good fit for log management?

Software-as-a-Service is a perfect model for non-business critical problems that are too messy to be solved on premise. People don't realize this, but the biggest SaaS company today is Google. No one wants to store terabytes of search data just to find a web site for a car wash. Same goes for log management. No one is going to make more money because they retain a complete archive of logs for the last 12 months or 7 years. But it still has to be done. Compliance requires it and it's hugely important for forensics. And while it may not contribute to earnings, it has real potential to prevent losses. How different would the ChoicePoint investigation have been if they had retained their full audit trail? Would the breach have been detected faster? The answer is, yes. Absolutely.

Log Management requires storage, databases and computing capacity that most companies are not prepared to deal with. The cost of buying storage is dwarfed by the amount of money and effort required to manage that storage and the amount of data increases every day as people collect more logs. Suddenly they have a lot more storage they need to manage and back up than they expected originally. Products they bought just a year ago begin to look inadequate. SaaS takes that entire problem offsite. Why bother thinking about how to manage all that complexity when you can just subscribe to software that has storage built into it?

Another interesting point is stranded capacity. There is a log management company out there that sells you 5-6 servers that run as a grid attached to a SAN. Their product is very fast, but most of the time those appliances sit idle and burn power. Truth is that most of the time you will not be searching through a huge archive of logs, so the computing capacity and power is essentially wasted until you actually need it. When you buy traditional software you are, in fact, contributing to global warming. With SaaS, you're saving the world. Log Management under the SaaS model allows you to change the economics in a very powerful way. Customers are starting to figure that out and as soon as word gets out old school software will never seem quite the same.

What has been your biggest challenge as the CTO of Alert Logic?

In many ways my challenges mirror very closely those of my customers. How do I interpret mounting regulatory requirements and translate them into real-world processes that satisfy the auditors while making my network secure? Security and compliance should follow the same path, but the ambiguous nature of regulations often forces CIOs to choose one over the other. Many of the customers I talk to find that all their resources are tied up in implementing compliance controls only useful during an audit, but fail to add much to practical security.

What do you see your customers most worried about?

We spent years helping people lock down their networks and make them more resilient to network worms and attacks. We still do, but availability anxiety has been replaced with liability anxiety. There are two classes of customers we work with.

