This article is part of an Essential Guide, our editor-selected collection of our best articles, videos and other content on this topic. Explore more in this guide:
1. - Cloud computing security still halts enterprise adoption: Read more in this section
- Data security still inhibits public cloud adoption
- Amazon security still a 'huge concern' in enterprise IT
- AWS customers get advice from the trenches on cloud security
- Cloud security services poised for big gains, according to Gartner
- Public cloud: Game changer or security gamble?
- Enterprises can't solely rely on providers for cloud data security
- Cloud insurance makes headway in the enterprise amid security concerns
- PRISM scandal serves as mother of invention for cloud privacy industry
- A look at the U.S. cloud market in a post-PRISM world
- Report claims that cloud environments as secure as in-house IT
- Exploring risk scenarios, mitigations of cloud computing insider threats
- Hybrid cloud isn't as secure as you think
Explore other sections in this guide:
- 2. - Best practices, tools for securing your cloud environment
- 3. - Aligning with compliance, security standards in the cloud
According to a report released this week by Gartner Inc., cloud-based security services will account for 10% of the enterprise IT security product market by 2015.
A January 2013 survey by the Stamford, Conn.-based research giant indicates that IT security buyers from an array of industries in the United States and Europe expect to increase their use of cloud-based services in the next 12 months.
The shift toward cloud-based security services is driven by several factors, including a lack of skilled in-house IT security staff, the need to reduce costs and compliance regulations that must be met quickly, Eric Ahlm, research director at Gartner, commented in a press release.
In particular, compliance issues seem to be driving curiosity in tokenization as a cloud service, with 27% of survey respondents showing an interest in the technology. Gartner noted that compliance with the Payment Card Industry Data Security Standard could be a major factor boosting interest, as tokenization as a service could allow an organization to avoid storing users' confidential information, perhaps preventing some IT environments from falling under the scope of a PCI DSS assessment.
Security information and event management (SIEM) is another security product area that could be interesting to organizations looking to reduce costs in the areas of log management and security event monitoring. Still, enterprises will remain hesitant to send sensitive log information -- key data outputs that feed SIEM systems -- to the cloud until SaaS providers can more fully address their compliance concerns, Gartner indicated.
Beyond compliance concerns, Gartner found that cloud customers are reducing security expenditures by buying less hardware and software, lowering technology maintenance costs and avoiding complex upgrades. "The value that cloud services bring to security buyers is measurable in terms of capital and operational cost reduction," Ahlm said.
The full report can be found on Gartner's website.
John Howie, chief operating officer at the Cloud Security Alliance, declined comment until the organization had a chance to fully review Gartner's report.