Security

Watch for Security in the Clouds

Security applications delivered as cloud-based services will more than triple by 2013, according to Gartner.

The firm said 20 percent of the revenue of messaging security tools, such as antimalware and antispam services for email and instant messaging, currently comes through the cloud delivery model. But this will jump to 60 percent by 2013.

Popular on-demand enterprise applications, such as those provided by Salesforce.com, are allowing mobile workers to bypass the corporate network to access business data. Gartner said this will force security teams to put controls between mobile workers and cloud based services.

"Although perimeter security controls will be required to protect the remaining data center functions and the large portions of enterprise populations that are not mobile, new approaches will be needed to secure cloud-based IT services," John Pescatore, vice president and Gartner analyst said in a statement.

"One answer will be cloud-enabled security 'proxies' whereby all access to approved cloud-based IT services will be required to flow through cloud-based security services that enforce authentication, data loss prevention, intrusion prevention, network access control, vulnerability management and so on," he said.

Gartner defines cloud computing as a type of computing where IT-related capabilities are provided as a service using Internet technologies to multiple external customers. This delivery model is getting closer towards widespread acceptance, according to Gartner, because it allows enterprises to gain security services such as distributed denial-of-service attack (DDoS) protection without huge capital investments.

But, Pescatore warned the use of cloud computing will make organizations more vulnerable to some security risks.

"Inexpensive cloud-based processing will make it easier and cheaper to break encryption keys or find vulnerabilities in software, and financially motivated criminals will certainly seek to take advantage of that," he said. "Enterprises will need to prioritize the adoption of encryption technologies that provide easy movement to longer keys."

Subscribe to the Security Watch Newsletter

Comments