Over the next five years, "highly secure and trusted" cloud services will emerge, and security is expected to become an enabler of the cloud, rather than an inhibitor, according to the report, based on interviews with more than 24 IT and IT security product vendors, integrators, consultants and cloud providers.
Currently, the cloud security market is valued at around $200 million, with less than one percent of IT security spending allocated for the cloud, Jonathan Penn, vice president at Forrester, who authored the report, told SCMagazineUS.com on Thursday.
Identity management services and encryption represent the majority of cloud security spending today, he said. However, security solutions are not easily applied to the cloud.
Organizations are eager to adopt cloud services but are often held back by security concerns, according to the report. Many organizations are hesitant to move computing resources and applications to the cloud because they believe providers' security controls are insufficient.
“There is no way to ensure that my data is being protected, no way to guarantee that I can understand what their administrators are doing and assure they are not accessing information inappropriately ” Penn said.
But increased pressure from cloud customers is driving the rapid creation of solutions to address those challenges, he added. Moreover, cloud service providers are increasingly at risk of being targeted in cyberattacks, which will drive them to integrate more security into their solutions.
“The fact that the cloud providers' data centers have multiple customers in them running high-profile applications and sharing services makes them fatter targets for hackers,” a marketing director at a security product company was quoted in the report. “This is pushing providers to put more security in place.”
Also, as the market matures, cloud security providers will increasingly partner with security vendors to offer value-added services, the report predicted. In the meantime, enterprises should continue to put pressure on cloud providers to improve their security and auditing capabilities.
“The message is getting heard, but we need a critical mass of pressure on cloud providers to build these things in,” Penn said.