The highest growth is forecast to occur in cloud-based tokenisation and encryption, vulnerability assessment, SIEM and Web application firewalls.
The cloud-based security services market will be worth $2.1 billion in 2013, rising to $3.1 billion in 2015, and the top three most sought-after cloud services moving forward will remain email security, Web security services and identity and access management (IAM), according to a report from IT research firm Gartner.
In 2013 and 2014, the highest growth is forecast to occur in cloud-based tokenisation and encryption, security information and event management (SIEM), vulnerability assessment and Web application firewalls.
An increasing number of organizations appear to be adopting cloud-based IAM services to replace IAM on-premises tools. Larger businesses are often looking to use IAM as a mixture of legacy- and Web-architected cloud and on-premises, the report noted.
"Areas such as SIEM and IAM offer the biggest growth potential, although for SIEM this will be from a small base," Kelly Kavanagh, principal research analyst at Gartner, said in a statement. "The benefits cloud security offers—particularly encryption—are making it an increasingly popular choice. However, trust concerns and regional variations mean that providers will have to assess each market opportunity carefully before deciding which to focus on."
However, the report cautioned that although growth in cloud-based security will remain strong, revenue opportunities will vary.
Gartner expects acceptance of, and reliance on, cloud-based security-as-a-service offerings to increase, based on organizations gaining more experience with SaaS and more consumer-grade technology being made available to corporate systems as a result of trends, such as bring your own device (BYOD).
"The benefits of deploying cloud-based security services are clear," Kavanagh said. "Aside from the broad area of IAM, specific controls, such as encryption, are becoming vital to the adoption of cloud computing. They are further helping to generate interest in this particular form of security service delivery."
The maturity of the related business communities, local regulations and cultural aspects all play a part in the level of spending dedicated to the deployment rates of cloud-based security systems compared with on-premises deployments, according to Gartner.
"The cloud-based security market remains a viable one, offering providers many opportunities for expansion," Ruggero Contu, research director at Gartner, said in a statement. "Encryption will be a new area of growth, but it remains a complex activity. The strongest interest will be in encryption products from cloud security brokers, which are relatively easy to deploy and have options for on-premises encryption management."
The report noted privacy remains an important inhibitor in the deployment of all forms of cloud-based services. These concerns are especially pointed in regions and countries with strong regulatory requirements, such as Europe, with its data protection legislation.
"Although organizations' interest in encryption is expected to grow, service providers' relative lack of interest in cloud-based encryption means it has remained a complex activity, requiring organizations to initiate complex, build-your-own deployments," Contu said. "The strongest interest is in encryption products from cloud security brokers, thanks to their relative ease of deployment and their options for on-premises encryption management. Nevertheless, Gartner expects cloud hosting providers and IaaS providers to show an increased interest in cloud-based encryption capabilities."