By 2015, 10% of enterprise IT security to be cloud-based

by CXOtoday Staff    Apr 15, 2013

cloud

Today, the services is driving changes in the market landscape, particularly around a number of key security technology areas, such as secure email and secure Web gateways, remote vulnerability assessment, and Identity and Access Management (IAM). However, as these demand continue to remain high, businesses are considering cloud-based security services to address a lack of staff or skills, reduce costs, or comply with security regulations quickly.

According to Gartner, by 2015, 10 percent of overall IT security enterprise product capabilities will be delivered in the cloud. And the cloud-based security services market is expected to reach $4.2 billion by 2016.

“This shift in buying behavior from the more traditional on-premises equipment toward cloud-based delivery models offers good opportunities for technology and service providers with cloud delivery capabilities,” said Eric Ahlm, research director at Gartner.

Regulatory compliance measures to comply with the Payment Card Industry Data Security Standard (PCI DSS), for example, are driving much of the growth of interest in tokenization as a service. As a service, tokenization allows security buyers to avoid having to house personally identifiable information (PII) or other confidential information. The service allows organizations to remove tokenized systems from being considered “in scope” for PCI compliance, thus removing the burden of regulating the environment.

The value that cloud services bring to security buyers is measurable in terms of capital and operational cost reduction
-Eric Ahlm, Research Director, Gartner

Another area that is likely to experience high growth is security information and event management (SIEM) as a service. Much of the interest is attributed to regulatory compliance concerns and security buyers’ need to reduce costs in the area of log management, compliance reporting and security event monitoring. However, many customers in the enterprise segment will remain cautious about sending sensitive log information to cloud services, and this will continue to be an important aspect for security-as-a-service providers to address.

Ease of deployment and relief from technology maintenance offer buyers of cloud-based controls direct cost savings. Based on the value that cloud security brings, security buyers may purchase less hardware or software and require fewer implementation services. They can budget through operating expenditure, rather than through capital expenditure. In addition, cloud-based controls can provide more-current protection, sometimes avoiding complex and costly upgrades.