"It's much easier to predict your expenses," he continued, "and to avoid obsolescence."
Indeed, exiting the technology gerbil cage has always been a big attraction of the cloud. "A lot of companies don't want to have the burden of managing complex security solutions anymore," said Greg Onoprijenkom, president, co-founder and managing director of sales for e-ternity, a business continuity consulting firm.
"The technology is constantly changing, and it's expensive to keep up with it," he added.
With a cloud-based security solution, those burdens can be born by someone else. "It takes away the cost of ownership," Hubbard, of OpenDNS, said. "You don't have to patch any servers. You don't have to install things. You don't have to configure them. You don't have to update them. All that happens automatically."
Adding to those expenses are increased security requirements from regulators and others. "There is now a much more significant push around compliance for many organizations that three to five years ago wasn't there," said Erik Bataller, principal security consultant with Neohapsis, an enterprise security and risk consulting firm.
"Requirements are becoming much more rigorous so there are increased costs there," he added. "Most organizations have struggled to meet existing requirements let alone no trying to meet increased requirements."
Not only can it be onerous to maintain security systems, but finding the wetware to do so can also be challenging. "It's even more difficult in smaller companies where IT staffs have already been reduced," said Brian Laing, products vice president for Lastline, a cloud-based provider of threat intelligence. "They don't have the staff now to dedicate to security, let alone hire a higher-end security person."
Large companies are also known to cut security corners, too. Andrew Kellett, a principal analyst with Ovum, a business and technology research company, recalled his experience with a retail organization operating in 26 countries. "We didn't have dedicated security IT professionals," he said. "It was a general IT requirement."
Relieved of the need for security experts, a company using cloud-based security services can free up resources for needs more important to its core mission. "An organization that adopts a cloud service doesn't need to become an expert in that service," explained Justin Moore, founder and CEO of Axcient, a provider of cloud continuity services for small and medium businesses. "That means being able to deploy best-in-class capabilities with minimal effort and expense."
"If you're a business of 100 people," added Trend Micro's Nunnikhoven, "and you don't want to hire seven people dedicated just to security, it's far more valuable to you as an organization to go to a managed security provider to coordinate most of that so you need only two or three people responsible security."
Sign up for CIO Asia eNewsletters.