Ten percent of overall IT security enterprise product capabilities will be delivered in the cloud by 2015, and the cloud-based security services market is projected to reach $4.2 billion by 2016, according to a report from IT research firm Gartner.
These services are also driving changes in the market landscape, particularly around a number of key security technology areas, such as secure email and secure Web gateways, remote vulnerability assessment, and identity and access management (IAM). Security buyers from the United States and Europe, representing a cross section of industries and company sizes, stated that they plan to increase the consumption of several common cloud services during the next 12 months, the survey found.
"Demand remains high from buyers looking to cloud-based security services to address a lack of staff or skills, reduce costs, or comply with security regulations quickly," Eric Ahlm, research director at Gartner, said in a statement. "This shift in buying behavior from the more traditional on-premises equipment toward cloud-based delivery models offers good opportunities for technology and service providers with cloud delivery capabilities, but those without such capabilities need to act quickly to adapt to this competitive threat."
Furthermore, 27 percent of the respondents indicated they were considering deploying tokenization as a cloud service. As a service, tokenization allows security buyers to avoid having to house personally identifiable information (PII) or other confidential information. The service allows organizations to remove tokenized systems from being considered "in scope" for payment card industry (PCI) compliance, thus removing the burden of regulating the environment.
The report noted another area that is likely to experience high growth: security information and event management (SIEM) as a service. Much of the interest is attributed to regulatory compliance concerns and security buyers' need to reduce costs in the area of log management, compliance reporting and security event monitoring.
"The overall customer demand for numerous cloud security services presents an opportunity for creating or partnering with cloud services brokers," Ahlm said. "The customer demand for a brokerage becomes apparent as organizations move more assets to the cloud and require multiple security services to span multiple clouds and/or mixtures of clouds and on-premises."
A January 2013 Gartner survey on security spending shows high demand from security buyers for cloud-based security service offerings. Gartner is advising value-added resellers (VARs) to supplement product implementations with cloud-based alternatives that offer large customers reduced operational cost and thereby increase the likelihood of customer retention in this market segment.
"The value that cloud services bring to security buyers is measurable in terms of capital and operational cost reduction," Ahlm concluded. "Security providers that currently offer only a hardware/software-based solution requiring implementation should build product road maps that allow customers to move to the cloud at their pace."
The report also cautioned that VARs that fail to offer cloud-based alternatives might experience a decline in implementation revenue from customers seeking cloud-based solutions in certain market segments. However, the firm noted that many customers in the enterprise segment are expected to remain cautious about sending sensitive log information to cloud services, and this will continue to be something security-as-a-service providers must address.