This document discusses the history and future of security as a service (SaaS). It outlines how security has evolved from protecting individual computers to protecting networks and now personal digital data. The document suggests that SaaS is not a new concept, but rather the explicit outsourcing of security infrastructure to the cloud. It notes potential benefits of SaaS including managed security, authentication management, and ongoing security tasks like patching and logging. However, it also lists trust and potential marketing issues as concerns for the SaaS model. Ultimately, the document argues that SaaS could work if implemented thoughtfully to address ongoing security threats to user data and authentication.

1. SaaS - Security as a Service
------
bullshit bingo … or just a future glimpse
by Vitor Domingos
http://vitordomingos.com

6. Security History
1.0 – Computer
2.0 – Network
3.0 – Information
4.0 – Your digital you

7. Security Menace History
1.0 – Virus, Stealing Information
2.0 – Worms, Trojans, Virus
3.0 – DDoS, Trojans, Identity Theft
4.0 – FarmVille, Mafia Wars, Data Theft

8. Firewall History
1 Gen – Packet
2 Gen – Application Layer
3 Gen – Stateful
4 Gen – Semantic
5 Gen – Personal

9. security is about information

10. ring
now s ecu
security is about information

11. divide and conquer no longer applies

13. Security as a Service
- nothing new; more explicit
- managed security, rented security
- outsourcing security infrastructure > cloud
- auth management
- secure API's
- ongoing tasks (patch, scan, log, defend)

15. SaaS Meh's
- it's the web baby
- secure web gateways
- cloud security provider
- managed security 2.0
- trust
- bandwidth

17. it could work
- not with marketing bullshit
- XSS, data injection, data leak
- auth, weak password validation
- worm, trojan, bruteforce, DDoS
- secure not the browser, but the pipe
- social firewall ?

21. Vitor Domingos - vd@prt.sc