Security is a headache: patching, anti-virus updates, firewall management, data loss concerns, new vulnerabilities being uncovered every day – the list is endless.
It is perhaps not a surprise therefore that the relatively nascent cloud security-as-a-service market is set for huge growth, with IDC predicting it will account for half of all web security revenues by 2020, up from 10 percent today.
IDC research director Duncan Brown said much of this growth is coming not from firms looking to cut costs, but from a recognition that outsourcing security is a more efficient, and secure, way to operate.
“What’s important is that you can often get better security from the cloud than you can get on premise doing it yourself,” he told V3.
The security sector is well aware of this too, with firms such as Trend Micro, Zscaler, Cisco, Alert Logic and FireEye all heavily promoting cloud-based security services.
Anthony Kolish, senior vice president of customer services for FireEye, argues that for many customers using cloud security tools is an obvious extension to the use of other cloud deployments.
“We are seeing history repeat itself. So before it was Salesforce or ServiceNow and now it’s security,” he told V3.
Since FireEye unveiled its FireEye-as-a-Service offering, Kolish said demand has grown rapidly, with numerous firms in various sectors using the service, and he expects this momentum to continue into 2016.
Trend Micro is another company offering cloud-based services, and Bharat Mistry, cyber security consultant for the firm, said it too is seeing strong uptake.
“There is a significant demand from companies wanting to consume security controls in the same manner as they consume compute services with a true utility-based billing model,” he said.
Solving the skills shortage
The rise of cloud-based services is coming at a time when many firms have been struggling to attract and retain skilled cyber security staff.
Mistry from Trend Micro said this is particularly true for smaller firms, where IT staffing budgets can be very limited, thus making the ability to outsource cloud security especially appealing.
“For businesses that have a limited headcount, in an environment where IT professionals are required to wear multiple hats, this allows some of the maintenance tasks to be reduced,” he said.
“This includes network appliances such as firewalls, and also the full-time employee (FTE) staffing costs for the upkeep of security infrastructure. With security as a service, organisations can now use security software without the headache of maintenance. SMEs also favour security as a service for the reasons outlined."
Kolish concurred, saying more and more organisations are realising they are never likely to have the same cyber expertise in-house as a dedicated provider can boast.
"Most customers at some point in the selling cycle will want to talk to people we have doing the actual work and that’s literally a five minute conversation and they say ‘yeah, we don’t have anyone like this in our organisation’.”
Security the enabler, not denier
Furthermore, just like other cloud services, cloud security offerings can be scaled as required to meet user demand and this is likely to become a key issue as digital transformation projects in organisations take centre stage, as Brown from IDC noted.
“For a long time the security response has always been to say, ‘no you can’t move to the cloud, no you can’t use mobility technology’ and what we found was companies just did it anyway – but in an insecure way,” he said.
“So, increasing the capabilities of your security means you can actually enable digital transformation through cloud technologies, rather than blocking it.”
He added this is a major boost for organisations as it enables them to forget about an aspect of technology that is not core to their operations and focus on what is.
“Businesses should focus on their business and for many security is just not core to that. It is an enabler but not core and if that’s the case then outsourcing is a sensible option and cloud is a great way to do that,” he said.
To hear more about security challenges , the threats they pose and how to combat them, make sure you sign-up for the Computing Enterprise Security and Risk Management conference on 24 November.
Intel wants to get inside your car, despite missing out on mobile
'We'll keep fighting to fight to keep the web free and open,' claim EFF
Breached in March by the same attackers, claim 'insiders'
And all for less than £150, according to Keith