The CSO explained that every employee had a laptop. It goes where the employee goes, and it often connects directly to the Internet. "Then he said, 'Sorry. I mispoke,'" Chaudhry continued. "'Every employee has a smartphone and most of them have a tablet, too. So I have at least 20,000 gateways,'"
"If you start looking at that, then the notion of buying a few boxes and putting them in a network starts looking irrelevant," he added.
Without a doubt, device diversity is contributing to the erosion of the effectiveness of perimeter defenses and boosting the appeal of the cloud as a security tool. "Device diversity is driving the need for a solution beyond protecting this castle we've build to protect our data over the years," said Dan Hubbard, CTO of OpenDNS, a cloud-based security services provider.
"That castle and moat model blows up when all your users and data go through the castle's gates and start working outside the castle," he added.
Much of what employees had to go to work to access -- SAP data bases and Microsoft Exchange -- has been moved to the cloud. Now employees can access what they need from work from anywhere with any device. "Since users with their data and devices are traveling with them in the cloud, the cloud is the ultimate way to protect them," Hubbard said.
That's because the cloud can give system watchdogs a better view of what's happening in a sprawling environment than local solutions. Greater visibility into data traffic patterns can be achieved, for example. "The cloud is huge for that," Hubbard said.
In addition, attacks can be identified in real or near-real time. "If you have customers in silos with appliances and software distributed in locations around the world, they're not going to be talking to each other so you don't see the data in real time," Hubbard noted. "With a cloud solution, big data technologies can be applied to protect customers in a much faster and predictive way."
Moreover, cloud-based security services can allow an organization to tackle problems too big for them to wrestle with alone, such as Distributed Denial of Service Attacks. "It's unreasonable for the average company to buy the infrastructure to mitigate a 100 gig sustained DDoS attack," Infonetics' Wilson said.
Companies are also interested in cloud security services for many of the same reasons they're generally interested in cloud services. For example, they want to spend less money on iron, by turning capital expenditures into more predictable operational expenses. "Instead of spending $100,000 or $150,000 on a new web filtering platform, you can spend $1 a user per month," Wilson explained.
Sign up for CIO Asia eNewsletters.