The rush of businesses to move their operations to the cloud is creating a slipstream that's pulling security services into the nimbus.
"People have become more comfortable now with the cloud so they're feeling more comfortable leveraging certain cloud services for security," said Brian Contos, CISO for Blue Coat, a web filter appliance company.
That comfort will be driving a rapid growth in the market for cloud-based security services in the next few years. The market, according to Gartner, will jump by a billion dollars in the next two years from $2.1 billion in 2013 to $3.1 billion in 2015.
Market research firm Infonetics Research also has a rosy forecast for cloud-based security services. It predicts revenues for them will climb by a compound annual growth rate of 10.8 percent, from 2012 to 2015, when it will reach $9.2 billion.
"There's increasing pressure on organizations to have services in the cloud, and the only way really to manage some of the risk in the cloud is with cloud security services," said Davi Ottenheimer, president of flyingpenguin, a security consulting firm.
As companies move services from their data centers into the cloud, not only do they want their security services there, too, but they want those security services to emulate other cloud offerings. "They're demanding next-generation, higher-class security services," said Mark Nunnikhoven, principal engineer of cloud and emerging technologies, at Trend Micro.
"They want a security service that matches the attributes of the cloud -- something that's smart and flexible," he added.
The general migration of operations to the cloud isn't the only trend driving security services to the nimbus, however. "The rise of mobility and the distribution of users has driven a lot of the requirement for security in the cloud," said Infonetics Principal Analyst Jeff Wilson.
Increased use of multiple devices by employees to do their jobs has broadened security challenges for many organizations. Those devices are used by workers with services outside their employer's network -- services like Gmail, Webex, Dropbox and Evernote -- that can expose that network to risk. "Trying to figure out a way to buy a product to protect you from all that stuff becomes mind-boggling," Wilson said.
"It makes hijacking traffic and routing it through a secure cloud a reasonable thing to think about doing," he added.
When organizations could limit the gateways to their networks and bottle up data within those networks, local solutions made more sense. That's not the case now.
Jay Chaudhry, founder and CEO of Zscaler, a cloud-based information security company, recalls a recent conversation he had with a CSO. "I asked him, 'How many employees do you have?" Chaudhry noted. "He said, '10,000.' I said, 'How many gateways to the Internet do you have?' I expected an answer like three or four or five. He said, '10,000.'"
Sign up for CIO Asia eNewsletters.