The Service Provider of Tomorrow, part 7: Revenue-producing Infrastructure SaaS Fills the Void

Increasingly, IaaS market leaders will rely on infrastructure SaaS providers to complement their core capabilities and round out their offerings, starting with security and compliance.

Whether you are a managed hosting provider seeking to move up-market into enterprise hosting, or a cloud service provider seeking to add managed services, you face a strategic challenge in filling the void between simply deploying raw infrastructure as a service (e.g., a provisioned but unmanaged OS instance) and offering your business customers a fully-managed infrastructure stack. As an IaaS provider, your job is to integrate best of breed solutions into a coherent whole. Automation is key.

In the traditional/discrete hosting world, the toughest nut to crack in the IaaS realm has been security and compliance. This has led Chris Hoff to proclaim “security doesn’t scale.” This is a key reason why so few Enterprise Hosting companies exist, and why the leaders in this segment tend to have dedicated MSSP business units to deliver the security and compliance layers of the infrastructure stack. (And even then, as several of these MSSPs have demonstrated, their home-grown solutions do not scale well – up or down.)

When it comes to managed security and compliance services, SaaS is the way to go. Security SaaS providers are not just vendors, they are your partners in deploying a complete IaaS solution for your customers. With security being an increasingly key element of the infrastructure stack, and security services being revenue-producing for IaaS providers, Security SaaS is the leading example today of revenue-producing Infrastructure SaaS. This new market segment will expand further as public cloud services proliferate.

In the new world of public clouds, incorporating security and compliance into an integrated IaaS solution will be even tougher without leveraging a customer-facing SaaS solution from a software vendor focused on security and compliance. As previously discussed, cloud service providers are dealing with way too much complexity to moonlight as security SaaS companies.

IaaS customers are growing increasingly accustomed to this, and we expect the market to continue evolving in this way, with IaaS providers serving as aggregators of infrastructure services – some provided by themselves and others provided by SaaS specialists – and differentiating primarily through integration, automation and customer service.

Whereas security and compliance has been the shining example of infrastructure SaaS benefiting the traditional hosting world (as Alert Logic has shown through its successful partnerships with more than 15 of the global leaders in hosting), with public clouds there will be far more infrastructure SaaS opportunities in areas ranging from storage to middleware to security.

As discussed previously, the trick in moving to these levels of service lies in automating not only the provisioning, metering and billing for service, but also automating support for each layer of the IT stack. Support automation is tough. SaaS specialists at each layer of the stack (such as Alert Logic in security and compliance) have the unfair advantage … cloud providers will leverage this advantage in building the secure cloud.

This is part 7 in a running series of posts by Gray Hall, CEO of Alert Logic on the future of the Service Provider industry. Gray’s experience and background give him a unique vantage point to comment and help lead what the Service Provider of Tomorrow has to do in order to be successful. Parts 1, 2, 3, 4, 5 and 6 are also available here on Secure Cloud Review.