According to Gartner, the cloud-based security services market is expected to reach $4.2 billion by 2016. Further, by 2015, about 10 per cent of the overall IT security enterprise product capabilities will be delivered through cloud.

The research firm points out that the cloud-based security services are also driving changes in the market landscape.  These changes related to a number of key security technology areas like secure e-mail and secure web gateways, remote vulnerability assessment, and identity and access management.

A survey conducted by Gartner in January 2013 on security spending shows high demand from security buyers for cloud-based security service offerings. Security buyers from the US and Europe, representing a cross section of industries and company sizes, stated that they plan to increase the consumption of several common cloud services during the next 12 months. The highest-consumed cloud-based security service is e-mail security services.

Furthermore, 27 per cent of the respondents indicated that they were considering deploying tokenisation as a cloud service. Gartner believes regulatory compliance measures to comply with the payment card industry (PCI) data security standard, for example, are driving much of the growth in tokenisation as a service.

As a service, tokenisation allows security buyers to avoid having to house personally identifiable information or other confidential information. The service allows organisations to remove tokenised systems from being considered “in scope” for PCI compliance, thus removing the burden of regulating the environment.

The research firm predicts that another area that is likely to experience high growth is security information and event management as a service. The interest in this service is owing to security buyers’ need to reduce costs in the area of log management, compliance reporting and security event monitoring. However, many customers in the enterprise segment will remain cautious about sending sensitive log information to cloud services, and this will continue to be an important aspect for security-as-a-service providers to address.