{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T17:35:30Z","timestamp":1754156130881,"version":"3.41.2"},"reference-count":84,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2020,9,23]],"date-time":"2020-09-23T00:00:00Z","timestamp":1600819200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IJWIS"],"published-print":{"date-parts":[[2020,9,23]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title><jats:p>This study aims to identify the level of security from existing work, analyze categories of security as a service (SECaaS) and classify them into a meaningful set of groups. Further, the report will advise commercial applications and advice of SECaaS as an extended context to help firms make decisions.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title><jats:p>This paper compares the SECaaS categories in Cloud Security Alliance (CSA) with the security clauses in ISO\/IEC 27002:2013 to give a comprehensive analysis of those SECaaS categories. Reviewed from a number of related literature, this paper analyzes and categorizes SECaaS into three major groups including protective, detective and reactive based on security control perspectives. This study has discussed the three groups and their interplay to identify the key characteristics and problems that they aim to address.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Findings<\/jats:title><jats:p>This paper also adds new evidence to support a better understanding of the current and future challenges and directions for SECaaS. Also, the study reveals both the positive and negative aspects of SECaaS along with business cases. It advises on various sizes and domains of organizations to consider SECaaS as one of their potential security approaches.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title><jats:p>SECaaS has been demonstrated to be one of the increasingly popular ways to address security problems in Cloud computing. As a new concept, SECaaS could be treated as integrated security means and delivered as a service module in the Cloud. However, it is still in infancy and not very widely investigated. Recent studies suggest that SECaaS is an efficient solution for Cloud and real industries. However, shortcomings of SECaaS have not been well-studied and documented. Moreover, reviewing the existing research, researchers did not classify the SECaaS-related categories.<\/jats:p><\/jats:sec>","DOI":"10.1108\/ijwis-06-2020-0031","type":"journal-article","created":{"date-parts":[[2020,9,29]],"date-time":"2020-09-29T03:31:18Z","timestamp":1601350278000},"page":"493-517","source":"Crossref","is-referenced-by-count":5,"title":["Security-as-a-service: a literature review"],"prefix":"10.1108","volume":"16","author":[{"given":"Wenyuan","family":"Wang","sequence":"first","affiliation":[]},{"given":"Sira","family":"Yongchareon","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"year":"2014","key":"key2020110603180501800_ref001","article-title":"Small and medium enterprises (SMEs) in the cloud in developing countries: a synthesis of the literature and future research directions"},{"key":"key2020110603180501800_ref002","unstructured":"Agarwal, S. and Tarbotton, L.C.L. (2017), \u201cSystem and method for preventing data loss using virtual machine wrapped applications\u201d, U.S. Patent No. 9,552,497, U.S. Patent and Trademark Office, Washington, DC."},{"key":"key2020110603180501800_ref003","first-page":"124","article-title":"Investigation of IT security and compliance challenges in security-as-a-service for Cloud computing","volume-title":"15th IEEE International Symposium on Object\/Component\/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW)","year":"2012"},{"issue":"5","key":"key2020110603180501800_ref006","doi-asserted-by":"crossref","first-page":"93","DOI":"10.14257\/ijgdc.2013.6.5.09","article-title":"Cloud computing pricing models: a survey","volume":"6","year":"2013","journal-title":"International Journal of Grid and Distributed Computing"},{"issue":"11","key":"key2020110603180501800_ref004","doi-asserted-by":"crossref","first-page":"2114","DOI":"10.1002\/sec.923","article-title":"Security risk assessment framework for Cloud computing environments","volume":"7","year":"2014","journal-title":"Security and Communication Networks"},{"volume-title":"Managing Information Security Risks: The OCTAVE Approach","year":"2002","key":"key2020110603180501800_ref005"},{"article-title":"Cloud vs data center: what\u2019s the difference?","volume-title":"Business News Daily","year":"2013","key":"key2020110603180501800_ref007"},{"issue":"1","key":"key2020110603180501800_ref008","doi-asserted-by":"crossref","first-page":"85","DOI":"10.4018\/IJGHPC.2016010108","article-title":"Web services gateway: taking advantage of the cloud","volume":"8","year":"2016","journal-title":"International Journal of Grid and High Performance Computing"},{"issue":"5","key":"key2020110603180501800_ref009","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1016\/S1361-3723(15)30037-3","article-title":"Data loss prevention: the business case","volume":"2015","year":"2015","journal-title":"Computer Fraud and Security"},{"issue":"11","key":"key2020110603180501800_ref010","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1016\/S1353-4858(17)30094-6","article-title":"Security challenges for cloud-based email infrastructure","volume":"2017","year":"2017","journal-title":"Network Security"},{"issue":"3","key":"key2020110603180501800_ref011","doi-asserted-by":"crossref","first-page":"271","DOI":"10.1177\/0092070304263341","article-title":"The theoretical underpinnings of customer asset management: a framework and propositions for future research","volume":"32","year":"2004","journal-title":"Journal of the Academy of Marketing Science"},{"article-title":"Legal issues in cloud computing","year":"2011","key":"key2020110603180501800_ref012","doi-asserted-by":"publisher","DOI":"10.1002\/9780470940105.ch24"},{"volume-title":"Corporate Computer Security","year":"2014","key":"key2020110603180501800_ref013"},{"key":"key2020110603180501800_ref014","first-page":"426","article-title":"A joint optimization approach to security-as-a-service allocation and cyber insurance management","volume":"1","year":"2015","journal-title":"IEEE: Trustcom\/BigDataSE\/ISPA"},{"key":"key2020110603180501800_ref015","first-page":"190","article-title":"SECaaS framework and architecture: a design of dynamic packet control","year":"2014","journal-title":"International Workshop on Information Security Applications"},{"key":"key2020110603180501800_ref016","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1016\/j.autcon.2012.10.017","article-title":"Real-time resource location data collection and visualization technology for construction safety and activity monitoring applications","volume":"34","year":"2013","journal-title":"Automation in Construction"},{"key":"key2020110603180501800_ref017","first-page":"23","article-title":"A six-stage business continuity and disaster recovery planning cycle","volume":"80","year":"2015","journal-title":"SAM Advanced Management Journal"},{"key":"key2020110603180501800_ref018","first-page":"1","article-title":"Information security management in local government","volume-title":"IST-Africa Week Conference","year":"2016"},{"key":"key2020110603180501800_ref019","first-page":"1","article-title":"Cloud computing and the organizational performance different approach of assessment","volume-title":"International Conference on IEEE: Cloud Technologies and Applications (CloudTech)","year":"2015"},{"key":"key2020110603180501800_ref020","first-page":"305","article-title":"A taxonomy of security as a service","volume-title":"OTM Confederated International Conferences on the Move to Meaningful Internet Systems","year":"2018"},{"first-page":"450","article-title":"Security by any other name: on the effectiveness of provider based email security","year":"2015","key":"key2020110603180501800_ref021"},{"volume-title":"Survey Research Methods","year":"2013","key":"key2020110603180501800_ref022"},{"issue":"3","key":"key2020110603180501800_ref023","doi-asserted-by":"crossref","first-page":"180","DOI":"10.14778\/2850583.2850592","article-title":"The complexity of resilience and responsibility for self-join-free conjunctive queries","volume":"9","year":"2015","journal-title":"Proceedings of the VLDB Endowment"},{"key":"key2020110603180501800_ref024","first-page":"1","article-title":"Towards security as a service (SECaaS): on the modeling of security services for Cloud computing","volume-title":"International Carnahan Conference on Security Technology (ICCST)","year":"2014"},{"key":"key2020110603180501800_ref025","first-page":"54","article-title":"Building data in motion DLP system from scratch using open source software and confirming its effectiveness within capture the flag competitions","volume-title":"The 8th International Conference on Security of Information and Networks","year":"2015"},{"key":"key2020110603180501800_ref026","first-page":"373","article-title":"Security as a service in smart clouds \u2013 opportunities and concerns","volume-title":"IEEE 36th Annual Computer Software and Applications Conference","year":"2012"},{"issue":"3","key":"key2020110603180501800_ref027","doi-asserted-by":"crossref","first-page":"523","DOI":"10.1109\/TCC.2015.2415794","article-title":"Cloud-trust-a security assessment model for infrastructure as a service (IaaS) clouds","volume":"5","year":"2017","journal-title":"IEEE Transactions on Cloud Computing"},{"issue":"4","key":"key2020110603180501800_ref028","doi-asserted-by":"crossref","first-page":"52","DOI":"10.1109\/MSP.2015.88","article-title":"Can content-based data loss prevention solutions prevent data leakage in web traffic?","volume":"13","year":"2015","journal-title":"IEEE Security and Privacy"},{"key":"key2020110603180501800_ref029","first-page":"309","article-title":"Cloud computing: security threats and control strategy using tri-mechanism","volume-title":"International Conference on Control, Instrumentation, Communication and Computational Technologies (ICCICCT)","year":"2014"},{"issue":"3","key":"key2020110603180501800_ref030","doi-asserted-by":"crossref","first-page":"228","DOI":"10.69554\/UKZX1135","article-title":"Airline business continuity and IT disaster recovery sites","volume":"9","year":"2016","journal-title":"Journal of Business Continuity and Emergency Planning"},{"key":"key2020110603180501800_ref031","unstructured":"Harter, J.L., Palmieri, D.W. and Robke, J.T. (2018), \u201cDynamic optimizing scanner for identity and access management (IAM) compliance verification\u201d, U.S. Patent No. 9,942,261, U.S. Patent and Trademark Office, Washington, DC."},{"key":"key2020110603180501800_ref032","first-page":"47","article-title":"Security and compliance management in cloud computing","volume-title":"International Journal of Advanced Studies in Computers Science and Engineering","year":"2018"},{"first-page":"8","article-title":"SECaaS: security as a service for Cloud-based applications","year":"2011","key":"key2020110603180501800_ref033"},{"issue":"1","key":"key2020110603180501800_ref034","doi-asserted-by":"crossref","first-page":"130","DOI":"10.1109\/TPDS.2015.2398438","article-title":"Cloud performance modeling with benchmark evaluation of elastic scaling strategies","volume":"27","year":"2016","journal-title":"IEEE Transactions on Parallel and Distributed Systems"},{"key":"key2020110603180501800_ref035","unstructured":"IEC, I. 27002 (2013), \u201cInformation technology security techniques-code of practice for information security controls\u201d, available at: www.iso.org\/iso\/catalogue_detail"},{"issue":"1","key":"key2020110603180501800_ref036","doi-asserted-by":"crossref","first-page":"190","DOI":"10.1109\/TIFS.2014.2368352","article-title":"Control Cloud data access privilege and anonymity with fully anonymous attribute-based encryption","volume":"10","year":"2015","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"key2020110603180501800_ref038","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1016\/j.jnca.2016.05.010","article-title":"A survey of security issues for Cloud computing","volume":"71","year":"2016","journal-title":"Journal of Network and Computer Applications"},{"volume-title":"Guide to Computer Network Security","year":"2017","key":"key2020110603180501800_ref039"},{"volume-title":"Cloud Security: A Comprehensive Guide to Secure Cloud Computing","year":"2010","key":"key2020110603180501800_ref040"},{"key":"key2020110603180501800_ref041","first-page":"e1994","article-title":"Universal privacy-preserving platform for SecaaSservices","volume-title":"International Journal of Network Management","year":"2017"},{"key":"key2020110603180501800_ref042","first-page":"236","article-title":"Fine-grained, adaptive resource sharing for real pay-per-use pricing in clouds","volume-title":"International Conference on Cloud and Autonomic Computing (ICCAC)","year":"2015"},{"key":"key2020110603180501800_ref043","first-page":"130","article-title":"A sticky policy framework for big data security","volume-title":"IEEE First International Conference Big Data Computing Service and Applications (BigDataService)","year":"2015"},{"issue":"10","key":"key2020110603180501800_ref044","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1109\/MAES.2014.130115","article-title":"Information fusion in a Cloud computing era: a systems-level perspective","volume":"29","year":"2014","journal-title":"IEEE Aerospace and Electronic Systems Magazine"},{"article-title":"Cloud computing\u2019s vendor lock-in problem: why the industry is taking a step backward","volume-title":"Forbes","year":"2011","key":"key2020110603180501800_ref045"},{"key":"key2020110603180501800_ref046","unstructured":"McLaren, C.C., Juvekar, P.R. and Darisi, P. (2013), \u201cIdentity and access management\u201d, U.S. Patent Application, p. 241."},{"volume-title":"Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance","year":"2009","key":"key2020110603180501800_ref047"},{"key":"key2020110603180501800_ref048","first-page":"2012","article-title":"Security and privacy issues of cloud computing; solutions and secure framework","volume":"4","year":"2012","journal-title":"International Journal of Multidisciplinary Research"},{"key":"key2020110603180501800_ref049","doi-asserted-by":"crossref","first-page":"300","DOI":"10.1016\/j.cose.2016.12.008","article-title":"Introducing OSSF: a framework for online service cybersecurity risk management","volume":"65","year":"2017","journal-title":"Computers and Security"},{"key":"key2020110603180501800_ref050","doi-asserted-by":"crossref","first-page":"86","DOI":"10.1016\/j.jnca.2016.06.003","article-title":"Load balancing mechanisms and techniques in the cloud environments: systematic literature review and future trends","volume":"71","year":"2016","journal-title":"Journal of Network and Computer Applications"},{"article-title":"Cloud computing security","volume-title":"Telecommunications Management","year":"2012","key":"key2020110603180501800_ref051"},{"key":"key2020110603180501800_ref052","doi-asserted-by":"crossref","first-page":"258","DOI":"10.1109\/TPWRS.2002.807091","article-title":"Online risk-based security assessment","volume":"18","year":"2003","journal-title":"IEEE Transactions on Power Systems"},{"issue":"16","key":"key2020110603180501800_ref053","doi-asserted-by":"crossref","first-page":"e4433","DOI":"10.1002\/cpe.4433","article-title":"GraphBAD: a general technique for anomaly detection in security information and event management","volume":"30","year":"2018","journal-title":"Concurrency and Computation: Practice and Experience"},{"key":"key2020110603180501800_ref054","unstructured":"Patil, P., Reddy, T., Wing, D. and Ver Steeg, W. (2016), \u201cDifferentiated quality of service using security as a service\u201d, U.S. Patent and Trademark Office."},{"volume-title":"Qualitative Research","year":"2005","key":"key2020110603180501800_ref055"},{"key":"key2020110603180501800_ref056","first-page":"251","article-title":"Security-as-a-service in multi-cloud and federated Cloud environments","volume-title":"IFIP International Conference on Trust Management","year":"2015"},{"issue":"3","key":"key2020110603180501800_ref057","doi-asserted-by":"crossref","first-page":"1224","DOI":"10.4314\/jfas.v8i3s.272","article-title":"A new revenue maximization model using customized plans in Cloud service allocation (applied on a real company case study)","volume":"8","year":"2016","journal-title":"Journal of Fundamental and Applied Sciences"},{"key":"key2020110603180501800_ref058","unstructured":"Raphel, J., Kailash, K., Apte, M.S. and Chaudhry, J.S. (2014), \u201cGuest account management using cloud based security services\u201d, U.S. Patent and Trademark Office."},{"key":"key2020110603180501800_ref059","doi-asserted-by":"crossref","first-page":"108","DOI":"10.1016\/j.jnca.2015.05.007","article-title":"User-side Cloud service management: state-of-the-art and future directions","volume":"55","year":"2015","journal-title":"Journal of Network and Computer Applications"},{"key":"key2020110603180501800_ref060","first-page":"171","article-title":"Security and reliability requirements for advanced security event management","volume-title":"International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security","year":"2012"},{"article-title":"Cloud computing security in business information systems","volume-title":"arXiv preprint arXiv:1204.1140","year":"2012","key":"key2020110603180501800_ref061"},{"issue":"1","key":"key2020110603180501800_ref062","doi-asserted-by":"crossref","first-page":"261","DOI":"10.1016\/j.ejor.2014.09.055","article-title":"Integrated business continuity and disaster recovery planning: towards organizational resilience","volume":"242","year":"2015","journal-title":"European Journal of Operational Research"},{"key":"key2020110603180501800_ref063","article-title":"Advantages of components in security and privacy architecture as a service for small and medium enterprises","volume":"2","year":"2013","journal-title":"Proceedings of the World Congress on Engineering"},{"key":"key2020110603180501800_ref064","first-page":"181","article-title":"Model-based security event management","volume-title":"International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security","year":"2012"},{"issue":"1","key":"key2020110603180501800_ref065","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1186\/1869-0238-4-11","article-title":"Adoption of security as a service","volume":"4","year":"2013","journal-title":"Journal of Internet Services and Applications"},{"key":"key2020110603180501800_ref066","first-page":"1","article-title":"GroupSec: a new security model for the web","volume-title":"IEEE International Conference Communications (ICC)","year":"2017"},{"issue":"3","key":"key2020110603180501800_ref067","article-title":"Security-as-a-service from Clouds: a comprehensive analysis","volume":"67","year":"2013","journal-title":"International Journal of Computer Applications"},{"key":"key2020110603180501800_ref068","doi-asserted-by":"crossref","first-page":"55","DOI":"10.1007\/978-1-4471-6452-4_3","article-title":"Access control as a service in Cloud: challenges, impact and strategies","volume-title":"Continued Rise of the Cloud","year":"2014"},{"key":"key2020110603180501800_ref069","doi-asserted-by":"crossref","first-page":"200","DOI":"10.1016\/j.jnca.2016.09.002","article-title":"A survey on cloud computing security: issues, threats, and solutions","volume":"75","year":"2016","journal-title":"Journal of Network and Computer Applications"},{"key":"key2020110603180501800_ref070","first-page":"1","article-title":"Business continuity and disaster recovery planning for IT professionals (Second Edition)","volume-title":"Syngress","year":"2014"},{"key":"key2020110603180501800_ref071","first-page":"2","article-title":"The conundrum of security in modern Cloud computing","volume":"12","year":"2014","journal-title":"Communications of the IIMA"},{"key":"key2020110603180501800_ref072","unstructured":"Song, X.D., Fischer, I., Altekar, G., Martignoni, L. and Pavlinovic, Z. (2016), \u201cSecure surrogate cloud browsing\u201d U.S. Patent and Trademark Office."},{"article-title":"Cloud computing evolution","volume-title":"Cloud Computing Basics","year":"2014","key":"key2020110603180501800_ref073"},{"key":"key2020110603180501800_ref075","first-page":"22803","article-title":"Efficient and secure BIG data delivery in cloud computing","volume-title":"Multimed Tools Appl 76","year":"2017"},{"issue":"1","key":"key2020110603180501800_ref074","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.jnca.2010.07.006","article-title":"A survey on security issues in service delivery models of Cloud computing","volume":"34","year":"2011","journal-title":"Journal of Network and Computer Applications"},{"key":"key2020110603180501800_ref076","article-title":"An ontological framework for controlling service responses in hybrid Cloud","volume":"5","year":"2014","journal-title":"Journal of Emerging Trends in Computing and Information Sciences"},{"key":"key2020110603180501800_ref077","first-page":"1","article-title":"Cloud-based security mechanisms for critical information infrastructure protection","volume-title":"International Conference IEEE: Adaptive Science and Technology (ICAST)","year":"2013"},{"issue":"1","key":"key2020110603180501800_ref078","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1109\/TNSM.2014.041614.120394","article-title":"Security as a service model for Cloud environment","volume":"11","year":"2014","journal-title":"IEEE Transactions on Network and Service Management"},{"key":"key2020110603180501800_ref079","first-page":"303","article-title":"A survey on security as a service","volume-title":"Web Information Systems Engineering \u2013 WISE 2017. Lecture Notes in Computer Science","year":"2017"},{"key":"key2020110603180501800_ref037","doi-asserted-by":"publisher","first-page":"362","DOI":"10.1109\/TC.2011.245","article-title":"Privacy-preserving public auditing for secure cloud storage","volume-title":"IEEE Transactions on Computers","year":"2013"},{"year":"2016","key":"key2020110603180501800_ref080","article-title":"Evaluating identity and access management (IAM) as a Cloud service"},{"key":"key2020110603180501800_ref081","first-page":"163","article-title":"Security information and event monitoring as a service: a survey on current concerns and solutions","volume":"37","year":"2014","journal-title":"PIK-Praxis Der Informationsverarbeitung und Kommunikation"},{"key":"key2020110603180501800_ref082","first-page":"1","article-title":"Better security and encryption within Cloud computing systems","volume-title":"International Journal of Public Administration in the Digital Age (IJPADA)","year":"2018"},{"key":"key2020110603180501800_ref083","first-page":"8","article-title":"Disaster recovery as a Cloud service: economic benefits and deployment challenges","volume":"10","year":"2010","journal-title":"HotCloud"},{"key":"key2020110603180501800_ref084","first-page":"832","article-title":"Cloud computing: the level of awareness amongst small and medium-sized enterprises (SMEs) in developing economies","volume":"4","year":"2013","journal-title":"Journal of Emerging Trends in Computing and Information Sciences"}],"container-title":["International Journal of Web Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/IJWIS-06-2020-0031\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/IJWIS-06-2020-0031\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T22:24:09Z","timestamp":1753395849000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ijwis\/article\/16\/5\/493-517\/164641"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,9,23]]},"references-count":84,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2020,9,23]]}},"alternative-id":["10.1108\/IJWIS-06-2020-0031"],"URL":"https:\/\/doi.org\/10.1108\/ijwis-06-2020-0031","relation":{},"ISSN":["1744-0084","1744-0084"],"issn-type":[{"type":"print","value":"1744-0084"},{"type":"print","value":"1744-0084"}],"subject":[],"published":{"date-parts":[[2020,9,23]]}}}