I first read an article in InformationWeek titled SaaS Makes A Run At Security and then found this very similar article by the same author online.
I've posted recently about identity as a service (be sure to check the comments and links if you visit that posting). But my day job dictates that I think more about identity reporting as a service. (intelligence around who has what access and what changes are being made).
One of the striking take-aways from the article is the Gartner estimate that by 2018, 85% of security intelligence will be offered as a service. I guess the words "offered as" seem to deflate the energy of the claim. I wonder what the estimates are for how much will be consumed as a service in 10 years.
In any case, I think the writer hits on the right points - cost and complexity. Especially for the mid-market (his target audience). I think (particularly in the mid-market) the simplification of key capabilities will outweigh the emotional hurdles that make SaaS a tough sell for security. Of course, actual security capabilities may remain a harder sell than security capabilities. That is, companies may be more willing to have managed identity reporting than managed provisioning.
I think mid-market security practitioners want their lives to be easier. They're not driven by the same concerns as large enterprises. What do you think?