Digital Transformation
Showing results for 
Search instead for 
Did you mean: 

Art Gilliland on the need for security as a service


Our main Discover Performance site just wrapped up a two-part interview with HP Enterprise Security Products SVP Art Gilliland (which you’d know if you were signed up for our e-newsletter), and the new installment covers a lot of provocative thoughts, including the idea of protecting less data, better.


In the excerpt below, Gilliland discusses security as a service.  As cloud and software as a service move into corporate IT departments, two security questions have been, first, how to secure those services, and second, whether it makes sense to buy security services from a cloud provider. HP jumped into that arena with Fortify on Demand, and here, Gilliland discusses why (and when) a SaaS model for security makes sense.


Art_Gilliland.jpgQ: We know that many enterprises, especially small ones, have come to rely on the as-a-service models. Is security as a service wise, and what’s the overall market outlook?

AG: It is wise, and here’s why: security as a service allows us to buy expertise that we could never afford or couldn’t find. If I’m a small company in rural Indiana, and I am going to compete against companies in other parts of the country for talent, I am going to have to hire and train security expertise in rural Indiana. Some of the best local candidates will drive to Chicago to earn the highest wage. Others will decide to work for the government, because they want the most interesting and complicated problems.


It is very difficult for that company in Indiana to maintain the level of skill they need over the long term. However, the as-a-service model can often deliver more evolved security capabilities and a higher level of process maturity than an individual company can afford on its own.


A specific example of this is HP’s Fortify on Demand solution for testing applications. Organizations care about application security, but often don’t have the resources and expertise to triage all of the information they get back about the vulnerabilities in their applications. Buying this expertise as a service is a great way to let your people focus on what they know how to do best, which is building the products and services your customers want.


Q: Is the market more of a one-service-at-a-time model, or are there companies that outsource the whole security function?

AG: I think you could do either. It really depends on your individual risk posture and where your company wants to focus its resources. Some of the largest organizations—the most secure organizations in the world—use outsourcing very effectively to augment their skills to deliver the capabilities they need.


For example, in the oil and gas industry it’s not uncommon to outsource IT completely, and security is often a part of that. They do this so they can focus on drilling, finding, producing, and refining oil, because that’s what they’re good at.


There isn’t one right answer, but for a lot of companies, outsourcing gives you access to better skills, better process.


Read Art Gilliland’s full take on the security landscape in 2014: part one covers why—and how—security leaders need to talk to the business, and part two looks at the pitfalls of perimeter defenses, how to focus on the user, and what you really need to protect.


--Brian McDonough, Discover Performance managing editor

0 Kudos
About the Author


This account is for guest bloggers. The blog post will identify the blogger.

See posts for dates
See posts for locations
HPE at 2018 Technology Events
Learn about the technology events where Hewlett Packard Enterprise will have a presence in 2018.
Read more
See posts for dates
HPE Webinars - 2018
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all