There used to be a time when large enterprises, in particular, took pride in the idea of managing all their various and sundry IT functions, every backend process, in-house. The idea was that these organizations fielded such depth and breadth of talent and infrastructure that they could manage all their IT tasks, store all their data and manage their security quite well.
But, arguably, the pendulum has swung in the opposite direction, directed by the prevailing winds of reducing capital investments and ongoing maintenance costs, improving technology assets more rapidly, and a growing appreciation for outsourcing opportunities. With that in mind, more and more organizations are utilizing cloud computing, software-as-a service (SaaS) and managed security services providers (MSSPs) to gain greater efficiencies and better scalability and taking advantage of newer technologies and more specialized expertise.
“The market for cloud computing and SaaS is exploding,” says Danelle Au, vice president of strategy and marketing for Adallom, a cloud access security broker based in Palo Alto, Calif., that delivers visibility, governance and protection for cloud applications like Salesforce, Office 365, Box, Dropbox and Google Apps. “Development and engineering teams were the first to reap the quick-to-deploy advantages of infrastructure-as-a-service (IaaS),” she says.
OUR EXPERTS: CloudVidur Apparao, CTO, Agari
Danelle Au, VP of strategy and marketing, Adallom
Sean Cordero, director of client services for the Office of the CISO, Optiv Security
Feyzi Fatehi, CEO, Corent Technology
Gabriel Friedlander, co-founder and CTO, ObserveIT
Farshad Ghazi, global product manager, HP Security Voltage
Fengmin Gong, co-founder and chief strategy officer, Cyphort
Rob Marano, co-founder, The Hackerati
Michael Viscuso, chief strategy officer, Carbon Black
The next wave of cloud computing that we are already seeing is software-as-a-service, Au says. “Instead of dealing with the day-to-day maintenance of supporting an application, IT can just purchase complete application systems via best-of-breed cloud providers, such as Microsoft Office 365 or Google Apps for email and collaboration, Workday for human capital, Salesforce for customer relationship management, and Box for content management.”
Farshad Ghazi, global product manager for HP Security Voltage, an enterprise data security solutions provider, also sees a “big shift overall toward all things cloud.” There are obvious reasons for the migration, he says, including cost reduction, lack of internal expertise and limiting the need for more infrastructure and space to house hardware and software internally. These third parties are “doing a better job at providing the full suite of resources, they have the bandwidth to address [customers'] needs, and an elastic format to expand usage,” Ghazi says.
Indeed, the global market for managed security services alone is expected to grow an average of nearly 16 percent compound annual growth rate from 2014 to 2020, reaching an expected $29.9 billion market value by 2020, according to a report released earlier this year by Allied Market Research of Portland, Ore. And, according to KPMG's “2014 Cloud Survey Report: Elevating Business in the Cloud,” nearly three-fourths of enterprises (73 percent) report improved business performance from implementing cloud-based applications and strategies.
Sean Cordero, director of client services for the Office of the CISO at Optiv Security, a newly launched information security services provider (the result of a merger this summer between Accuvant and FishNet Security), believes the managed provider market “is in a massive state of growth as the value proposition is starting to be realized by enterprises that have made the investment into SaaS and MSSP models.
“With this growth has come a greater awareness of the importance of understanding the security posture of each of their service providers,” Cordero says. “This has led to a shifting in the discussion related to security, which has helped drive improved transparency between the provider and the customer.”