By 2015, 10% of IT security enterprise product capabilities will be delivered in the cloud, according to a report by research company Gartner.
The services are also driving changes in the market, particularly around key security technologies such as secure email, secure web gateways, remote vulnerability assessment and identity and access management (IAM).
Gartner expects the cloud-based security services market to reach $4.2bn by 2016.
"Demand remains high from buyers looking to cloud-based security services to address a lack of staff or skills, reduce costs or comply with security regulations quickly," said Eric Ahlm, research director at Gartner.
"This shift in buying behaviour from the more traditional on-premises equipment toward cloud-based delivery models offers good opportunities for technology and service providers with cloud delivery capabilities, but those without such capabilities need to act quickly to adapt to this competitive threat."
A Gartner survey on security spending from January 2013 shows high demand from security buyers for cloud-based security service offerings.
Read more about tokenisation
- Case Study: 192business switches to tokenisation to speed up business processes
- PCI tokenisation best practices guidance offers flexibility
- PCI-compliant POS: Retail chain nears PCI compliance in the UK
- PCI DSS 2.0 brings clarity and guidance for merchants
- How to reduce PCI scope with credit card tokenisation
- Understanding tokenisation: What is tokenisation and when to use it
- PCI tokenisation: Credit card security policy guidance
Security buyers from the US and Europe, representing a cross-section of industries and company sizes, said they plan to increase the consumption of several common cloud services in the next 12 months.
The highest-consumed cloud-based security service is email security services, with 74% of respondents rating this as the top service.
More than a quarter of respondents said they were considering deploying tokenisation as a cloud service.
Tokenisation is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
Gartner believes regulatory compliance measures to comply with the Payment Card Industry Data Security Standard (PCI DSS), for example, are driving much of the growth of interest in tokenisation as a service.
Tokenisation allows security buyers to avoid having to store personally identifiable information (PII) or other confidential information.
The service allows organisations to remove tokenised systems from being considered "in scope" for PCI compliance, thus removing the burden of regulating the environment.
Compliance drives Siem
Another area that is likely to experience high growth is security information and event management (Siem) as a service.
Much of the interest is attributed to regulatory compliance concerns and security buyers' need to reduce costs in the area of log management, compliance reporting and security event monitoring, said Gartner.
However, Gartner believes many enterprises will remain cautious about sending sensitive log information to cloud services. This will continue to be an important aspect for security-as-a-service providers to address, said Gartner.
"The overall customer demand for numerous cloud security services presents an opportunity for creating or partnering with cloud services brokers," said Ahlm.
"The customer demand for a brokerage becomes apparent as organisations move more assets to the cloud and require multiple security services to span multiple clouds and/or mixtures of clouds and on-premises," he said.
Gartner is advising value-added resellers (VARs) to supplement product implementations with cloud-based alternatives that offer large customers reduced operational cost and thereby increase the likelihood of customer retention in this market segment.
Cloud security cuts costs
VARs that fail to offer cloud-based alternatives might experience a decline in implementation revenue from customers seeking cloud-based solutions in certain market segments, said Gartner.
Ease of deployment and relief from technology maintenance offer buyers of cloud-based controls direct cost savings.
Based on the value that cloud security brings, security buyers may purchase less hardware or software and require fewer implementation services. This means they can budget through operating expenditure, rather than through capital expenditure, said Gartner.
Cloud-based controls provides current protection, sometimes avoiding complex and costly upgrades.
"The value that cloud services bring to security buyers is measurable in terms of capital and operational cost reduction," said Ahlm.
"Security providers that currently offer only a hardware/software-based solution requiring implementation should build product road maps that allow customers to move to the cloud at their pace,” he said.