IDC: Top Five Considerations for Cloud-Based Security
1. I D C A N A L Y S T C O N N E C T I O N
Phil Hochmuth
Program Manager, Security Products
Considering a Move to Cloud -Based Web
Security? Answ ers to Your Top Questions
October 2012
With the rise of cloud applications and an increasingly mobile workforce, Web security that can be
delivered as a service across a global network is becoming critical in order to protect users and
ensure that policies for social media and other traffic can be enforced consistently anywhere at any
time. Along with protecting employees who are using company-owned mobile devices, enterprises
must efficiently secure an increasing number of mobile workers who are using unmanaged devices
(bring your own device, or BYOD). Cloud-based Web solutions can secure mobile users without
requiring VPN backhaul to an onsite gateway or security agents installed on clients. The worldwide
Web security market reached $1.9 billion in 2011, growing 12.1% over 2010, and IDC predicts that
the market will grow to $3.2 billion in 2016, representing an 11.2% compound annual growth rate
(CAGR) from 2011 to 2016. Web security SaaS will be the fastest-growing segment of the Web
security market. Web security SaaS will grow from $250.4 million in 2011 to $695.2 million in 2016,
representing a 22.7% CAGR. Pressure on enterprise IT security teams to secure and control
corporate data in an increasingly unmanaged endpoint environment is driving much of this market
growth; more than a third of enterprises cite data loss as their top security concern, according to
IDC's 2011 Security Survey; meanwhile, nearly two-thirds of enterprises are challenged by end users
who do not follow corporate security policies.
The following questions were posed by Blue Coat to Phil Hochmuth, program manager for IDC's
Security Products service, on behalf of Blue Coat's customers.
Q. What are the top business or security challenges and requirements driving Web
security SaaS adoption?
A. One initial challenge is the general extension of the security perimeter. For most enterprises,
the corporate boundary between the external Internet and internal networks and LANs has
essentially dissolved as more employees are using mobile devices outside the office. This is
a result of more people working from home as well as corporations extending to more branch
and remote offices globally. It is more difficult to maintain the traditional network perimeter in
these scenarios. Having a "hard wall" around employees has always been the main defense
and control point for enterprise security. Mobile devices stretch the control zone that
enterprises traditionally had over endpoints, often making these controls less effective or
inefficient to implement.
Another challenge is the explosion of social networking use. Social networking can be both a
time-wasting tool and a productivity-enhancing tool for enterprises, depending on how it's
used and who is using it. For example, many enterprises have official Twitter and Facebook
accounts, and certain employees are required to access them and keep them up to date. The
new reality in many enterprises is that employees increasingly need real-time access to
IDC 1385