Ironically, Cloud Security Is Picking Up Steam

Drive for lower costs and improved security makes cloud security services extremely attractive

While the IT industry continues to pump millions of dollars into messaging cloud computing, most IT shops remain on the sidelines. For example, when ESG Research asked IT professionals to list their top initiatives for 2011, "increased use of cloud services" came in as the 12th most popular response -- below more pedestrian IT activities like "desktop/laptop PC replacement initiatives," and "data center consolidation." Why are many organizations eschewing the cloud? Forty-three percent of the IT professionals surveyed said that "data security/privacy concerns" are so acute that they plan to minimize any cloud computing efforts in the foreseeable future.

Given this data, it is extremely ironic that one of the places where cloud computing is gaining momentum is in the area of security services.

In some instances, cloud intelligence is used to support on-site security defenses. This is the case with things like Cisco's Security Intelligence Operations (SIO), Blue Coat's WebPulse, and Trend Micro's Smart Protection Network. Cloud services are also gaining momentum as on-site security appliance replacements. For example, Webroot is seeing strong growth in its managed email service as is Symantec MessageLabs. In newer areas like web threat management, security services seem to be at least as popular as premise-based gateways.

The cloud services described above are a pretty easy choice for CISOs as they either support on-site security systems or act as a form factor replacement where cloud services are substituted for security hardware. What about security management? For years, most organizations resisted any discussion on outsourcing security management, believing that security was too important and sensitive to trust to a third party. Lately however, I see this historical bias against managed security services changing as well. Yes, this trend is most pronounced in the SMB market but many enterprises are making or considering this move because:

1. Security has grown too complex for their internal skills. Cyber criminal activity is incessant and sophisticated. In March Madness terms, most organizations feel like a 16th seed -- competent but no match for adversaries at the top of the game. With risks increasing rapidly, CIOs are much more likely to abandon in-house prejudices in favor of security services expertise.

2. Skilled security professionals are hard to find. In spite of the "great recession" and high unemployment rates, there aren't enough security professionals to go around. This is especially true in rural areas. Security services are a great alternative to being under staffed and thus under prepared for the next cyber attack.

Numerous vendors are benefiting from the managed security trend. Unisys has been at this for years and has an impressive line up of enterprise customers, especially in the federal government and financial services. HP, IBM, and Verizon are players here. I'm also watching Dell in the SMB market with its acquisition of SecureWorks.

Beyond the irony, the cloud model makes a lot of sense for security. Security intelligence is dependent upon massive amounts of processing that has become "burstable" to the cloud. Cloud security carries an economic benefit as it replaces a capital with an operating cost. Finally SaaS is the most popular application for cloud computing in many organizations, so cloud security SaaS services like web security and security management make sense.

Expect more growth, more services, and more acquisitions in cloud security over the next few years. Who'd have thought that the cloud and security would be so synergistic?

• Security
• Blue Coat
• Cisco
• cloud computing
• Dell
• email security
• HP
• IBM
• managed security services
• MessageLabs
• SecureWorks
• security intelligence
• security management
• Symantec
• Trend Micro
• Unisys
• web threat management
• Webroot