"Demand remains high from buyers looking to cloud-based security services to address a lack of staff or skills, reduce costs, or comply with security regulations quickly," said Eric Ahlm, research director at Gartner. "This shift in buying behavior from the more traditional on-premises equipment toward cloud-based delivery models offers good opportunities for technology and service providers with cloud delivery capabilities, but those without such capabilities need to act quickly to adapt to this competitive threat."
A January 2013 Gartner survey on security spending shows high demand from security buyers for cloud-based security service offerings. Security buyers from the U.S. and Europe, representing a cross section of industries and company sizes, stated that they plan to increase the consumption of several common cloud services during the next 12 months. The highest-consumed cloud-based security service is email security services, with 74% of respondents rating this as the top service.
Furthermore, 27% of the respondents indicated they were considering deploying tokenization as a cloud service. Gartner believes regulatory compliance measures to comply with the Payment Card Industry Data Security Standard (PCI DSS), for example, are driving much of the growth of interest in tokenization as a service. As a service, tokenization allows security buyers to avoid having to house personally identifiable information (PII) or other confidential information. The service allows organizations to remove tokenized systems from being considered "in scope" for PCI compliance, thus removing the burden of regulating the environment.
Another area that is likely to experience high growth is security information and event management (SIEM) as a service. Much of the interest is attributed to regulatory compliance concerns and security buyers' need to reduce costs in the area of log management, compliance reporting and security event monitoring. However, many customers in the enterprise segment will remain cautious about sending sensitive log information to cloud services, and this will continue to be an important aspect for security-as-a-service providers to address.
"The overall customer demand for numerous cloud security services presents an opportunity for creating or partnering with cloud services brokers," said Mr. Ahlm. "The customer demand for a brokerage becomes apparent as organizations move more assets to the cloud and require multiple security services to span multiple clouds and/or mixtures of clouds and on-premises."
Gartner is advising value-added resellers (VARs) to supplement product implementations with cloud-based alternatives that offer large customers reduced operational cost and thereby increase the likelihood of customer retention in this market segment. VARs that fail to offer cloud-based alternatives might experience a decline in implementation revenue from customers seeking cloud-based solutions in certain market segments.
Ease of deployment and relief from technology maintenance offer buyers of cloud-based controls direct cost savings. Based on the value that cloud security brings, security buyers may purchase less hardware or software and require fewer implementation services. They can budget through operating expenditure, rather than through capital expenditure. In addition, cloud-based controls can provide more-current protection, sometimes avoiding complex and costly upgrades.
"The value that cloud services bring to security buyers is measurable in terms of capital and operational cost reduction," said Mr. Ahlm. "Security providers that currently offer only a hardware/software-based solution requiring implementation should build product road maps that allow customers to move to the cloud at their pace."
More detailed analysis is available in the report "Demand for Cloud-Based Offerings Impacts Security Service Spending." The report is available on Gartner's website at http://www.gartner.com/resId=2408215.
Gartner analysts will take a deeper look at the outlook for security solutions at the Gartner Security & Risk Management Summit taking place June 10-13 in National Harbor, Maryland and September 18-20 in London, U.K. More information on the U.S. event can be found at www.gartner.com/us/security. Details on the U.K. event are at http://www.gartner.com/technology/summits/emea/security/.
Information from the Gartner Security & Risk Management Summits 2013 will be shared on Twitter at http://twitter.com/Gartner_inc using #GartnerSEC.
Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is a valuable partner in over 13,000 distinct organizations. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, USA, and has 5,500 associates, including 1,400 research analysts and consultants, and clients in 85 countries. For more information, visit www.gartner.com.