Symantec has taken its initial step into the software as a service (SaaS) market, introducing a set of hosted applications for small and medium enterprises.
The company said that the launch of its Online Backup Service, which provides outsourced data storage and disaster recovery services to SME customers, is merely the first piece in a wider set of offerings it will introduce dubbed Symantec Protection Network, which will eventually include a full range of hosted security tools.
Hosted applications - provided through the SaaS model - aim to help companies eliminate many of the overhead expenses and hassles commonly associated with consuming traditional software products.
By offloading maintenance and care of the security applications to the vendor, who hosts the systems online, companies no longer have to worry about keeping their various products up-to-date with the latest patches or virus signatures, or worry as much about responding to emerging attacks, Symantec executives said.
Much as Salesforce.com has revolutionised the manner in which many companies utilise customer relationship management (CRM) applications with its hosted sales force automation tools, Symantec executives said the security company has big ideas for SaaS, even if it is starting out with its smallest customers first.
Smaller companies with limited IT resources are the best fit for the tools initially, but larger customers will eventually begin moving over, executives said.
"The SME market is the right place for us to start because there are a lot of companies who haven't been able to afford some of these applications before," said Jeff Hausman, senior director of product management for Symantec's Security Response and Managed Security Services business units. "But we believe that someday enterprises will consume many security applications in this manner too."
The executive said that explaining the strengths of hosted applications to customers is not a challenging process anymore. "There has been great adoption of other business applications, such as Salesforce.com, over the last several years and people are realising the benefits of deploying and using technology in this way," Hausman said.
Over the next year, the software maker plans to add new services such as hosted anti-malware and network security applications to Symantec Protection Network, which is ideally suited for businesses with less than 1,000 employees. However, the security services are not limited in any way from use by larger organisations, Hausman said.
All the various services the company adds to the system will be controlled via a centralised online portal, making management of the tools even easier, according to the firm.
Symantec is not the first security company to enter the SaaS market, as a number of smaller providers are already offering outsourced security services, including Qualys, a vulnerability auditing specialist with a long list of well-known enterprise customers.
While providing outsourced security is different than supporting CRM tools, in that any outage in the services could prove extremely dangerous for customers, Hausman said the success of Salesforce, Qualys, and other SaaS companies has proven the model does not introduce additional risks.
"We already offer proven solutions for backup serving millions of customers every day, so there's a level of trust there. But we also have multiple redundant datacentres and other protections in place to eliminate those types of concerns," Hausman said. "There's a very good chance that the data is more secure with us than it would be inside any company's operations."
The initial backup and recovery service rollout will involve a group of 30 of Symantec's closest North American partners, including many of its resellers.
While most SaaS products are marketed directly from applications providers to end-users, Symantec maintains that its reseller channel will play a key role in developing the new area of its business. In addition to remaining the closest point-of-contact for sourcing its tools to most SME customers, resellers will be able to customise the SaaS programs to better suit the individual needs of each company, Hausman said.
At least one of Symantec's partners said it is not scared off by the arrival of SaaS, but rather views it as an opportunity.
"We've been talking to Symantec about this for a while and trying to understand how we play in all of this, and we appreciate being part of the process as they've built this thing. We do feel there are opportunities for additional services," said Jonathan Dambrot, managing director at reseller Prevalent Networks.
"We're looking at ways to build services around the components," Dambrot said. "With backup, we can help companies decide what data they need to back up, or how they can recover from disasters even more quickly."
Another change for Symantec in moving into the SaaS space will be shifting its licensing from multiyear agreements to a monthly subscription model.
Hausman said he did not believe the change would dramatically affect the way in which Symantec reports its sales revenue, especially as he believes the overall movement to SaaS will take a number of years, especially within larger customers.
The executive said he believes that many customers will someday choose to buy some tools via the SaaS mode while maintaining some others in-house.
"If you look at market statistics, software is still the primary vehicle to solving problems, but many companies, especially smaller customers, are being underserved because for whatever reason they're not able to access and use software," Hausman said. "I imagine that down the road we will have a healthy mix of companies who want one or the other, and many who desire a mix of software and services to suit different needs."
Industry analysts have predicted that demand for security software services will likely come first from the SME segment, but indicated that the tools will likely catch on with enterprises as the applications prove themselves reliable.
According to a study of SMEs conducted by Forrester Research in late 2006, companies with fewer then 1,000 users listed hosted security applications as their top interest in moving to SaaS products. Overall, 44% of the companies surveyed by Forrester said they are actively using the tools today or plan to adopt security software services in the near future.
"There does seem to be a general trend across software as a service where adoption starts with smaller companies and then moves upstream," said Liz Herbert, an analyst with Forrester. "And like most other areas, more commoditised pieces of security will likely take off as hosted services first."
The analyst said there could be significant opportunities in some areas of security SaaS in the future.
"For something like desktop security, where the process used is very similar between companies, there will be the best fit," Herbert said. "For more specialised security applications there won't be as much interest."