listen to this article:
Let’s play out a scenario: you’re a mid-sized organization (or larger) dealing with cryptocurrency and blockchain keys – and you must keep them secure.
Your organization has decided not to develop its digital asset security infrastructure internally. The next natural option? Security-as-a-Service vendors to handle the security aspect for you.
Will SaaS be up to the task? In this article, we’ll explore the pros and cons, benefits, and tradeoffs of choosing SaaS for protecting digital assets.
SECaaS in the Secure Digital Asset Space
Whereas a DIY digital asset security system usually involves deploying and managing an amalgam of hardware-based security to protect digital asset keys, “cold” storage, and multi-sig technology, Security-as-a-service provides businesses with an easy-to-manage, outsourced alternative for their security needs.
SECaaS for digital assets often include the vendor handling the following:
- Handle the organization’s key protection
- Secure all transactions
- Publish transactions to the blockchains of the ledgers which they support (more on that below).
SECaaS Pros & Cons
From a practical standpoint, here are the pros and cons of such a system:
Service performance and resilience
SECaaS vendors typically invest in building robust and high-performance infrastructure, and on a day-to-day operations level, help organizations by offloading administration and maintenance overhead.
However, the risks involved with outsourcing critical systems apply to security as well. Organizations are vulnerable to losses and reputation damage caused by service outages; the SaaS client is only as operational as the service itself and has limited control during periods of maintenance, outages, etc.
In addition, organizations are limited to the backup and resilience capabilities provided by the SECaaS vendor.
SECaaS clients are limited to the operations, core features, ledger support, and service options provided by the vendor. If a client wishes to expand to new service types, or add support for new or custom blockchain ledgers/assets to their existing services, for example, they are limited by the flexibility (and setup time) of the SaaS vendor.
Opting for SECaaS: What to Ask
SECaaS may be a viable option for organizations with a certain size or growth capability. But for companies who consider digital assets a strategic part of their offering, service flexibility and risk control aspects are critical to consider, as over time they can have a huge business impact. Here are the critical questions we recommend exchanges, custodial services, trading platforms, and other cryptocurrency service providers ask while evaluating their options:
- What happens if you have a new requirement that the SECaaS vendor does not support?
- Will outsourcing your operations inhibit your organization’s ability to grow and expand?
- What are your reasons for deciding to outsource security services? If your SECaaS vendor’s services go down so your customers can’t transact, will your SLA with the service provider cover your losses?