A Survey on Security as a Service

  • Wenyuan Wang
  • Sira Yongchareon
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10570)


Security as a Service (SECaaS) has been demonstrated to be one of the increasingly popular ways to address security problems in Cloud Computing, but it is still not very widely investigated. As a new concept, SECaaS could be treated as an integrated security means and delivered as a service module in the Cloud. Based on a review of the related literature, this paper analyzes and categorizes SECaaS into three major groups, Protective, Detective, and Reactive, based on security control perspectives. We discuss the three groups and their interplay in order to identify the key characteristics and the problems that they aim to address, thereby revealing the potential for research and industrial application in the cloud security and service-oriented computing field.


Keywords: Security as a service; Cloud security; Security controls



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Department of IT and Software Engineering, Auckland University of Technology, Auckland, New Zealand
