Hyperscalers have led the way in proving the power of Software-as-a-Service (SaaS) to unleash new business possibilities, enable operational efficiencies and expedite time-to-value with cloud scalability and pay-as-you-go affordability. For communications service providers (CSPs), now’s the time to jump on the SaaS opportunity—and they can make big gains in 5G security operations.

Despite the hyperscalers example, many CSPs have been cautious about SaaS business models — reluctant to relinquish the control that traditional on-premises software deployments offer. Yet many SaaS offerings do offer visibility and control while eliminating significant risk and burden from CSP operations.

The downside of staying on-premises

With on-premises software deployments, CSPs are on the hook for operational overheads, disaster recovery, and all aspects of configuration, operations and maintenance. If hardware fails, they’re the ones who have to deal with application outages and data downtime, including the associated costs.

At the same time, sticking with the on-premises model deprives CSPs of much-needed agility: deployments are slow to roll out and more cumbersome to update with new releases, especially when upgrades require extensive permissions.

Cloud-native SaaS, on the other hand, offers software hosted in a vendor’s cloud that CSPs can access instantly. It scales up and down easily while requiring minimal upfront investment, with a pay-as-you-go structure that can further help reduce costs.

With SaaS, CSPs don’t have to configure or maintain complex infrastructure. The SaaS provider manages the software, ensuring that any issues are resolved quickly — often, and ideally, without the CSP even knowing. SaaS vendors also typically provide on-call support as an important feature.

The speed with which new technologies and software are deployable in the SaaS environment makes it possible to support interconnected and intelligent systems in a way that simply hasn’t been possible before — accelerating time-to-value in a wide range of domains, including for security operations (SecOps).

What about the security of SaaS itself?

SecOps teams are struggling to keep up. CSPs often have difficulties overcoming  the intersection of security and AI. They’re worried that with 5G progressively underpinning mission-critical services and the threat surface expanding, DDoS and ransomware attacks will increase.

The inherent openness of 5G and cloud can indeed expose networks to security risks, especially in a world where cyber-attacks are more frequent and there’s a larger attack surface with more vectors and the threats have become more complex. Security operations teams are bombarded constantly with thousands of alerts — many of which are either low-priority or false positives, but their traditional software tools can’t make the distinction.

If fear of a breach isn’t enough, CSPs also have to worry about meeting the strict requirements of regulations such as GDPR, CCPA and HIPAA — or face strong penalties for not doing so.

This pressure from all sides has CSP SecOps under strain, making them reluctant to take a chance on departing from the on-premises model. Yet the extent to which even on-premises systems are secure depends on how truly siloed they are from the outside world, and that isolation can come at the expense of speed and operational efficiency. Combining the flexibility of SaaS with automation and AI creates new capabilities to reduce the frequency and cost of cybersecurity breaches.

The potential of SaaS security

SaaS capabilities make it possible to establish a truly single-platform security approach, combining with AI and automation for better real-time information and data about the cause, nature and impact of vulnerabilities and breaches. Every aspect of security operations becomes visible, while built-in intelligence eliminates false positives, supports precise and effective prioritization, and reduces reliance on manual tests and scans. This results in decreased costs, accelerated threat identification and response, and more time to devote to higher-value activities.

With SecOps services such as automated threat detection and response located in the cloud, CSPs can access new features and benefits without investing the time and cost in developing and deploying them themselves.

CSPs are becoming increasingly open to as-a-service contracts. The opportunities are clearly ripe to deliver benefits, specifically in the security domain. The opportunity has arrived for CSPs to seize proven hyperscaler advantages and tackle the complex, large-scale security challenges of 5G.

Find the right partner

A trusted cloud-native SaaS partner will have a strong telco industry reputation and a proven track record. When it comes to security specifically, the CSP should design offerings by telco security professionals experienced in telco cloud security, communication network security, and security management, thereby reducing risk for your CSP business.

Companies in many industries have leaped at the SaaS opportunity to scale, save, and speed up their time-to-market. The moment has arrived for CSPs to join in reaping those benefits, too, and security is one the best places to start.

Gerald Reddig, director of product marketing, security, Nokia