By 2015, 10% of overall enterprise IT security will be delivered in the cloud, according to Gartner.
Indian businesses are already taking advantage of cloud-based security, and with the number of threats increasing rapidly, cloud security provides an option to help businesses keep up.
With cloud-based security, products can be installed and updated quickly, maintenance is easier because the software is not on-premises, and an expert supplier takes responsibility and businesses can pay as they go, which can reduce costs.
Gartner expects the cloud-based security services market to be worth $4.2 billion by 2016.
So what does cloud computing offer Indian business in terms of security?
Amit Saha, manager of enterprise security and risk management services and cloud at Infosys Technologies in India, said that organizations are struggling to keep pace with newer threats. He said the cloud has opened up numerous options to manage enterprise security.
Cloud-based security solutions provide organizations with benefits of lower capital expenditure and means security is up and running quicker than traditional on-premises software, he said.
He added that security operations and penetration-testing services in the Software as a Service (SaaS) model are examples already used by Indian businesses.
Other cloud security products being leveraged by Infosys' clients in India include fraud management and risk-based multifactor authentication services.
"Cloud-based security encourages a more standardized approach towards security deployment. In addition, cloud-based security solutions address the lack of specialized skills that are needed to deploy such security solutions, as well as the burden of maintaining those resources in the long run," Saha said.
Popular cloud models for the Indian business
Sid Deshpande, senior research analyst at Gartner India, said that only cloud infrastructure is currently a bigger market in India than the cloud security market. Symantec and Trend Micro are some of the companies that are witnessing some demand for cloud security in India, according to Deshpande.
"End users want to explore the cloud, but the level of regulation is very high. Only small and medium-sized businesses are inclined towards this for now, and it would take about two to three years for enterprises to start using cloud-based security, Deshpande said. Surveys have revealed that the usage is limited to Web and email security, Deshpande added.
However, Deshpande said there needs to be a concrete policy for cloud adoption and certification for cloud-based providers. He cites the example of the US, where cloud-based providers get certification from the government.
Deshpande said that cloud-based services are not chosen just to reduce cost and pressure on internal resources. For example, an online retailer, whose complete operations are dependent online, must adopt cloud-based security services, he said.