We've noted recently that software as a service, if you want to see it as subset of cloud computing, faces some huge challenges in a host of market segments. Forrester has concluded SaaS will be "a disruptive force" in software categories that account for just a quarter of global software spending and will have "little or no effect" on many of roughly 123 market segments. GRC just happens to be one of the segments in which the SaaS approach has lots of potential.

A huge issue in general, one that may be limiting adoption in some market niches, is security. We're now seeing companies address that more aggressively. For example, RSA, which is a division of EMC, and security firm Symantec both recently announced their long-term intentions to develop more powerful security for SaaS applications.

Symantec's effort is called O3 and is envisioned as a "layer above the clouds" that "could be used by cloud-service providers to gain and provide to their customers security and compliance. The service might include functions such as password single sign-on," according to NetworkWorld.

RSA's solution will be built in part on tools from VMware and Archer and would be a "software-based framework that cloud-service providers could use to protect SaaS applications." It has been dubbed Project Horizon internally.

Hewlett-Packard says the security paradigm that has held for many years must now evolve in a way that encompasses risk across various platforms, including the cloud. It aims to participate in this effort and has purchased thee security companies to that end. It will be a long time before these efforts bear fruit, leaving plenty of time for other companies to jump in.

For more:
- here's the article

Related Articles:
SaaS catching on for GRC apps
SaaS deals heating up
Are more banks ready to turn to SaaS?
VCs to take a look at SAAS compliance vendors