If $1.5 billion seems like an enormous sum, that's because it accounts for much more than just the software-as-a-service (SaaS) security market. Indeed, according to Forrester analyst Jonathan Penn, the report's author, when people think "cloud security," the reference is typically much too narrow. "Most of the discussion about cloud and security solutions has been about security SaaS: the delivery model for security shifting from on-premise to cloud-based," he said. "That's missing the forest for the trees."
What he suggests: Don't look at cloud security for cloud security's sake, but rather its function vis-a-vis corporate IT. "Look at how the rest of IT -- which is about 30 times the size of the security market -- is moving to the cloud. What does that mean in terms of how we secure these systems, applications, and data?"
The answer, said Penn, is that many more businesses are now demanding that security be built-in to cloud services. Already, he said, this market-driven requirement for cloud computing adoption will, over the next five years, "see the emergence of highly secure and trusted cloud services."
For security vendors that currently dominate the non-cloud security market, this evolution promises to upend many a business model -- or as the Forrester report puts it, to "be a disruptive force in the security solutions market, challenging traditional security solution providers to revamp their architectures, partner ecosystems, and service offerings."
Interestingly, according to a 2009 Forrester survey of North American and European businesses, 50% said their chief reason for avoiding cloud computing was security concerns. Within five years, however, Forrester expects cloud security to be one of the primary drivers for adopting cloud computing.
"Anyone not bracing for this change -- and embracing it -- faces significant business risk," said Penn.