On 27 October 2009, Cisco Systems announced that it plans to acquire ScanSafe, a privately held provider of secure Web gateway (SWG) functionality delivered as software as a service (SaaS), for approximately $183 million in cash and retention-based incentives. Cisco expects the deal to close during the second quarter of its fiscal year 2010. ScanSafe will then become part of Cisco's Security & Technology Business Unit.

The early adopters of "security as a service" offerings mostly have been small and midsize businesses (SMBs), although ScanSafe had recently signed larger deals for 100,000 seats and more. ScanSafe's acquisition indicates Cisco's commitment to the security-as-a-service market, and gives Cisco an opportunity to market these services to its large-enterprise customers that need SWG protection for their mobile users and small remote offices.

Cisco gains ScanSafe's expertise in building and operating multitenant data centers (that is, data centers that service multiple customers on shared infrastructure). Gartner believes that Cisco will use these data centers during 2011 to deliver a new security-as-a-service-based e-mail service built on the ScanSafe multitenant architecture. This offering will likely complement Cisco's hosted IronPort e-mail security service. The acquisition also gives Cisco:

• The ScanSafe reporting engine, which Cisco can adapt to generate reports for its IronPort S-Series SWG appliance. Cisco's remote access/VPN client and router/firewall installed base could be used to redirect Web-based traffic to the cloud-based service.
• Another valuable source of malware and reputation data for Cisco's expanding security labs and reputation service.
• An immediate offering for the SMB market, which the S-Series did not satisfy.
• A SWG service that its service provider partners can deliver through a "white label" offering.

But Cisco faces cultural and product integration challenges with this acquisition, including:

• Training a sales force geared toward selling hardware infrastructure to sell services.
• Integrating the ScanSafe endpoint client with Cisco's remote access/AnyConnectVPN client and delivering a unified IronPort/ScanSafe reporting solution, which Gartner estimates will require at minimum six months.
• Buidling a unified policy management console to enable consistent policies across S-Series appliances and ScanSafe services, which Gartner believes will take at least a year.

• Current ScanSafe customers: Although this is a positive move for ScanSafe, continue to monitor service levels closely.
• Prospective ScanSafe customers and Cisco S-Series customers: Consider how the service can help with mobile users. Press Cisco for road map information regarding product integration of S-Series and ScanSafe’s service for developing a hybrid customer premises appliance and SaaS solution with a unified policy console.

• "Market for Secure Web Gateways Delivered as SaaS Heating Up" — New competition among providers and economies of scale should help bring prices down and drive increased awareness and market share for this delivery model. By Peter Firstbrook
• "Defining the Security-as-a-Service Market" — Enterprises considering the new security-as-a-service offerings need to choose the security delivery model that best matches their needs and environments. By John Pescatore and Kelly Kavanaugh

(You may need to sign in or be a Gartner client to access the documents referenced in this First Take.)