According to a report released this week by Gartner Inc., cloud-based security services will account for 10% of...
the enterprise IT security product market by 2015.
A January 2013 survey by the Stamford, Conn.-based research giant indicates that IT security buyers from an array of industries in the United States and Europe expect to increase their use of cloud-based services in the next 12 months.
The shift toward cloud-based security services is driven by several factors, including a lack of skilled in-house IT security staff, the need to reduce costs and compliance regulations that must be met quickly, Eric Ahlm, research director at Gartner, commented in a press release.
In particular, compliance issues seem to be driving curiosity in tokenization as a cloud service, with 27% of survey respondents showing an interest in the technology. Gartner noted that compliance with the Payment Card Industry Data Security Standard could be a major factor boosting interest, as tokenization as a service could allow an organization to avoid storing users' confidential information, perhaps preventing some IT environments from falling under the scope of a PCI DSS assessment.
Security information and event management (SIEM) is another security product area that could be interesting to organizations looking to reduce costs in the areas of log management and security event monitoring. Still, enterprises will remain hesitant to send sensitive log information -- key data outputs that feed SIEM systems -- to the cloud until SaaS providers can more fully address their compliance concerns, Gartner indicated.
Beyond compliance concerns, Gartner found that cloud customers are reducing security expenditures by buying less hardware and software, lowering technology maintenance costs and avoiding complex upgrades. "The value that cloud services bring to security buyers is measurable in terms of capital and operational cost reduction," Ahlm said.
The full report can be found on Gartner's website.
John Howie, chief operating officer at the Cloud Security Alliance, declined comment until the organization had a chance to fully review Gartner's report.