The overarching aim of our research project was to determine whether replacing the traditional on-premises IT security model with SECaaS is a sensible decision in the context of small to medium-sized organizations. To accomplish this goal, a comparative analysis of the two cybersecurity models was conducted whereby relevant evidence was extracted from existing information. Findings revealed that the IT security management function is too sensitive to be left in the hands of a third-party cloud services provider. Rather, the function ought to be managed internally to minimize the potential attack vector as much as possible. However, despite our primary finding, we note that when cloud-based apps, operations, and data are involved, the SECaaS model is considered to be the most suitable IT security management approach. In particular, SECaaS outperforms the premise-based security model in the following core dimensions: cost-savings, ease of management, scalability and agility, expertise, constant updates, and cost- effective compliance. In our current research, we document the differences between the on-premises IT security and SECaaS models, and justify the case for SECaaS as the most suitable approach primarily focusing on the suite of cloud-based cybersecurity tools packaged with Microsoft 365 Business.
展开▼
