Gartner: Security moving into 'the cloud'

Spending on online security services is forecast to triple by 2013, according to analysts Gartner

Security software will jump off PCs and into 'the cloud', with spending on online security services forecast to triple by 2013.

Cloud-based malware and spam detection in email and instant messaging will grow from 20 percent of messaging security revenue to 60 percent over the next five years, according to analysts at Gartner.

Security company Symantec is also forecasting a shift, from home users and businesses installing security packages on individual computers to accessing security services via remote machines online.

Symantec said businesses are already using proxy security servers to reduce security software's impact on performance.

Jim Hart, manager at Symantec managed security services, told's siter site "It is the inevitable way forward, even for consumers it makes a lot of sense. Proxies are the most effective form of security and I think allowing consumers access to something like that would certainly benefit them."

Cloud-based proxy computers could provide security services traditionally performed locally, such as enforcing authentication, data-loss prevention, intrusion prevention, network access control and vulnerability management.

Gartner predicts that cloud-based security will enable enterprises to use technologies and techniques that are not otherwise cost-effective.

Kelly Kavanagh, principal analyst at Gartner, said in a statement: "The ability to provide massively scalable processing, storage and bandwidth inherent in cloud computing will require security controls and functions to be delivered to customers in new ways and by new service providers."

Gartner said the increase in use of cloud-based office software, such as Google Apps or, means online security services will be necessary to protect mobile IT users accessing business data and services outside the corporate network.

But the analyst adds that criminals will also make use of the cloud to reduce the cost of heavy processing in attacks such as breaking encryption keys or finding vulnerabilities in software.