For any IT manager that feels powerless in the face of the rapidly growing information security threat, it may be gratifying – or disturbing – to learn that much of the security industry now agrees that they probably are. 

“It used to be that you fight ten threats or a hundred threats a day,” says Dick Williams, CEO of security software provider Webroot.  “Now you fight 40,000. The threat factor morphs every six hours.”

Consequently, Williams argues, it makes little sense for end-users to spend time and processing power repeatedly updating antivirus signature files. This is why Webroot, like much of the industry, is moving to a software-as-a-service (SaaS) deliver model. 

That, and the considerable business opportunity that analysts see for so-called ‘security-as-a-service’ offerings. Market watcher IDC says that the market is growing at a compound annual rate of 45% and will be worth approximately $513 million by 2013. 

Webroot’s SaaS makeover began in 2007, when it acquired UK-based online security firm Email Systems, but the strategy has been prioritised since last year’s appointment of Williams, a veteran of Silicon Valley venture capital business Accel Partners and open source software vendor Hyperic.

Mobility will be a major driver in the adoption of security-as-a-service, says Williams, as mobile devices are ill equipped to handle proprietary software. “If the threats are getting more and more sophisticated and constantly changing in their character,” he says, “you can’t possibly have enough computing power on your cellphone or smartphone.”

The cost benefits associated with cloud computing are another driver for security as a service, Williams notes. Webroot is pursuing a foothold in the small to medium-sized business market, for which larger rivals such as Symantec and McAfee have yet to develop an effective Internet and email security product, Williams claims. “Their solution is either to try to take a single-user product and make it applicable to [small businesses],” he says, “or they try to bring down a heavyweight enterprise solution.”

Given that security concerns are the most commonly cited barrier to cloud adoption, delivering security itself over the web might prove to be a hard sell. But these concerns are misplaced, Williams argues. “The reality is that you can in fact predict problems before they occur, isolate them and resolve them [from the cloud],” he says.

The key challenge to Webroot’s move to the web, where freedom of customer choice means that brand profile is everything, is its little-known name. "We don’t have a bad brand; it’s reasonably good,” Williams remarks. “But it’s just not as well-known as it needs to be.”

Its secret weapon in this regard is Chris Benham, appointed as chief marketing officer in January, who during his former life at Symantec was responsible for crafting that company’s ‘yellow box’ brand.

But this is secondary to the effectiveness of its product, says Williams, which will be ultimate determinant of Webroot’s success. “When you solve tough problems with an elegant solution – that’s when you’ve got a competitive product,” he says. “That’s what we’re figuring out.”