One of the advantages of using SaaS for anti-spam, anti-virus, and anti-spyware blocking is the ability of these services to reduce the amount of traffic into the private network. The reporting of the amount of blocked malware would do a security professional proud. We all know that one of the best ways to showcase your hard work is to have a dashboard that the executives can view that shows them in real time what your security measures are stopping at the border.
A useful service for companies that deal with customer sensitive data like credit cards, electronic health records, or financial results is the ability to have a comprehensive data leak program. One of the toughest things to monitor is the data that is allowed to exit the company and stopping it from being allowed to exit. Working with a good DLP vendor in the cloud as a part of the SaaS described can improve over data protection immensely.
One of the questions I get asked is; "Is the security in the cloud complete? My answer is always the same, it depends on what you are asking the cloud provider to accomplish. If your company does its due diligence by studying the cloud provider's security posture and asking for a test of one or more aspects to give you a comfortable feeling. I wouldn't take the security statement of the cloud provider as the end all answer. I have been studying cloud security for a few years and I would ask many questions before I trusted my company data or security posture with a particular provider.
Here is the take away I want readers to understand about cloud providers. It doesn't matter what service you are considering putting in the cloud, a good strong SLA is worth the effort and will give you a method of holding your provider accountable. I have read a few articles on cloud computing and many of them list the number one problem centers around the expectations between the client and provider are too vague. If you have any concerns them put it in a strong SLA that has penalties for not performing.