Given the differences in market maturity, cultural acceptance and local IT infrastructures, considerable regional differences exist in the deployment rates of cloud-based security systems. They all play a part in the level of spending dedicated to this delivery model -- when compared with on-premises business technology deployments.
Moreover, privacy remains an inhibitor in the deployment of all forms of cloud-based services by the late adopter market segment. In particular, it's a big issue in those regions and countries with strong regulatory requirements -- such as Europe, with its data protection legislation.
Regardless, the cloud-based security services market will be worth $2.1 billion in 2013 -- growing to $3.1 billion in 2015, according to the latest market study by Gartner.
"The cloud-based security market remains a viable one, offering providers many opportunities for expansion," said Ruggero Contu, research director at Gartner. "Encryption will be a new area of growth, but it remains a complex activity. The strongest interest will be in encryption products from cloud security brokers, which are relatively easy to deploy and have options for on-premises encryption management."
Gartner predicts that the top three most sought-after cloud services moving forward will remain email security, web security services and identity and access management (IAM).
However, in 2013 and 2014, the highest growth is forecast to occur in cloud-based tokenisation and encryption, security information and event management (SIEM), vulnerability assessment and web application firewalls.
Gartner believes that SIEM and IAM offer the biggest growth potential, although for SIEM this will be from a small base. The benefits cloud security offers -- particularly encryption -- are making it an increasingly popular choice. However, trust concerns and regional variations mean that service providers will have to assess each market opportunity carefully before deciding which to focus on.
Overall adoption of software as a service (SaaS) applications and other cloud-based services encourages organizations to adopt cloud-based security controls. These are delivered either as stand-alone features or as part of an integrated SaaS package.
Managed security services (MSS) are also driving adoption of cloud-based security services among enterprises. MSS delivery models are in turn being affected by demand for cloud-based security services, which is enabling security providers to become de facto MSS players.
Gartner expects acceptance of, and reliance on, cloud-based security-as-a-service offerings to increase, based on organizations gaining more experience with SaaS, and more consumer-grade technology being made available to corporate systems as a result of trends, such as bring your own device (BYOD).
Cloud-based security services will grow faster than the market for remotely monitored customer premises equipment MSS through 2012, but starting from a smaller base. In the next 24 months, new security-as-a-service-based offerings that address specific security controls for cloud-based IT resources will be available from larger IT and network service providers -- aimed initially at small or midsize businesses (SMBs).
Gartner also predicts that smaller, pure-play managed security service providers will be most affected by the introduction of these services, and expects them to consolidate.
Within the IAM space, interest in cloud-based security has been driven mostly by SMBs' needs to extend their basic IAM functions and serve employees who are accessing SaaS and some internal web-architected applications.
An increasing number of organizations seem to be adopting cloud-based IAM services to replace IAM on-premises tools. Larger businesses are often looking to use IAM as a mixture of legacy- and web-architected cloud and on-premises.