Lack of skills and looming online threats fuel shift to SaaS, says Forrester
Smaller businesses will increasingly turn to software as a service (SaaS) for their IT security needs, according to a report by Forrester Research.
Whereas 10 years ago SaaS was only used for filtering emails, it could soon become a mainstream approach to security because of increasing browser-based attacks and greater user mobility, the report said.
Vulnerability scanning, identity and log management, distributed denial of service (DDoS) protection and end-point security are all growing services, according to the analyst firm, which predicts that SaaS will have a big part to play in this growth.
The move to cloud is likely to be accelerated by the growing importance placed on IT security, which is more of a priority now than it has ever been, according to the report, with 56 per cent of IT decision-makers reporting it as a high or critical priority.
Some 67 per cent of respondents said their ability to organise their own IT security was hampered by a shortage of staff, which is why many smaller businesses turn to cloud services for support. The report also identified a growing gap between hacker capabilities and the security defences available to organisations, which could make outsourcing even more vital as businesses seek to benefit from the latest security developments.
To utilise the latest technologies, organisations are also looking beyond traditional security service providers to those that have a specialised knowledge of SaaS security services. In fact, 35 per cent of IT decision-makers surveyed said they used a security service provider not named in the survey, illustrating the diversity of SaaS IT security, according to Forrester.
The report also identified that data security remains a top priority for IT security professionals, fuelled by the continuing number of cases of large customer data leaks and the high-profile activities of WikiLeaks. Application security was highlighted as an area of underinvestment by the report's authors, who suggest it should be placed higher up the IT security agenda.