Vulnerability assessment services may be ripe for SaaS

Qualys is trying to do for hosted security services what Salesforce.com did for hosted CRM. The company has a SaaS service that monitors a customer's networks and identifies potential vulnerability points. It's called vulnerability assessment and, in this age of regulation and compliance, it's a pretty compelling offering. Matt Hines has an article on hosted security on ExtremeNano.com that talks about how enterprise objections to hosted security services are breaking down.

I spoke to a Qualys customer at Marine Corps Community Services, which oversees a sprawling network of facilities and services for U.S. Marines, and he raved about the benefits of the hosted vulnerability assessment. You'd think the Marines would have pretty good internal security monitoring in place, but this user said Qualys found several major vulnerabilities that his IT organization was unaware of. Also, since the Qualys service operates constantly in the background, new vulnerabilities that are introduced by changes to the network are flagged immediately. You don't get that if you do your internal assessment every six months or so.

The ExtremeNano article cites a few other companies that are trying to break into this market. It could be that this will be the first part of the corporate infrastructure market to get penetrated by SaaS companies.

The SaaS Revolution blog is brought to you by SaaScon and Computerworld.