The cloud security services market will experience a slow but steady rise for the next several years, meaning it’s a good time for solution providers to step up their cloud security skills and take advantage, according to a recent report
The report, "Cloud and CPE Managed Security Services (2015 Edition)," by Jeff Wilson, principal security analyst for the research firm, predicts somewhere between 10 percent to 12 percent growth for the cloud security services market through 2018.
This growth is slightly lower but still fairly consistent with market growth from 2013 to 2014. In 2013, revenue in the market was at $6.3 billion, growing 13.5 percent in 2014 to 7.2 billion, according to the report. Projected revenue for 2015 is $8.1 billion, while in 2018 the market should represent about $11 billion in revenue opportunity.
Cloud-based revenue comes from security services and solutions sold in conjunction with broadband services, security for mobile devices/apps, Web and application hosting services, and security solutions for enterprise infrastructure that has migrated into the cloud, Wilson wrote in the report. “These solutions are tightly coupled to a specific provider’s network or infrastructure,” he wrote.
In calendar-year 2014, 30 percent of cloud-based security service revenue was from managed firewall services; 46 percent from content security; 2 percent from IDS/IPS; 8 percent from DDoS mitigation; and the rest (14 percent) from other security services.
The driving forces behind the slow but steady rise in growth of cloud security services demonstrate both the good and bad news of the current security climate for cloud computing, according to the report.
On one hand, the growth shows that there also is an increase in volume, variety and complexity of security threats of all types, from infrastructure-level threats such as DDoS attacks to extremely targeted attacks using 5+ vectors and adapting techniques based on protection detected, Wilson wrote.
Companies, too, have not been so forward-thinking in the design of their security systems, which has resulted in what Wilson calls “security product sprawl.” With security products from sometimes 10 or more vendors with no common policy, management, or reporting system in place, companies are leaving themselves vulnerable to threats and are in need of security services as they adopt the cloud.
An increase in that very adoption is another factor driving growth in the cloud security services market, Wilson wrote. As enterprise IT moves to the cloud, so security will have to follow, regardless of whether companies are ready.
Other factors driving growth in the need for cloud security services include an increased proliferation and distribution of a variety of mobile devices in the workforce—with employees using as many as five devices to access corporate data these days—and service provider investment in security services rollout to create sticky, high-margin revenue going forward, according to the report.
Security product manufacturers also are in solution providers’ corners in their quest to take advantage of the market, developing products specifically aimed at helping providers deliver managed common platform enumeration (CPE) and cloud services, Wilson said.
“The adoption of SDN (software defined networking) and NFV (network functions virtualization) in particular are will really enable providers to build agile cloud and CPE-based services, and help drive the growth we’ve forecast through 2019,” he wrote in the report.
cloud-based application delivery service that protects websites and increases their performance, improving end user experiences and safeguarding web applications and their data from attack. Incapsula includes a web application firewall to thwart hacking attempts, DDoS mitigation to ensure attacks don’t impact online business assets, a content delivery network to optimize and accelerate web traffic, and a load balancer to maximize the potential of web environments.
As more companies begin to explore the benefits of cloud computing, it was found that this solution had the potential to:Provide more flexibilityReduce IT management of hardware and dataReduce management of web applications through automated updatesProvide greater storage capacity
While the advantages of a cloud solution are evident, there are many who also have been quick to point out the fact that there are plenty of security concerns one faces when considering moving to the cloud.
The debate as to how secure moving applications and data to the cloud is such an area of concern that the topic consumed much of the discussion at the 2009 RSA conference. These ongoing debates have sparked a number of security experts to identify a number of threats to cloud computing to include;
Moving data to the cloud requires a great deal of trust in the host since they are essentially housing all of your data. If they fail to put adequate security controls in place between the client and data, a number of attacks can be used to compromise sensitive information. SQL Injection attacks, compromised servers, and session hijacking can all lead to cyber criminals harvesting your data on someone else's watch.
While this is also noted as one of the benefits to cloud computing, it can also cause problems. As web applications grow in popularity, more companies rely on them as an integral part of how they do business. Moving these applications to the cloud should mean that the management of these apps is taken care of, but this usually means automated updates, not complete security. In fact, George Reese stated in his article, Twenty Rules for Amazon Cloud Security - "Above all else, write secure web applications."
The fact is, while your cloud provider may handle necessary updates of your software, they are not going to review your code for potential vulnerabilities; make sure your input and output is validated, escaped, and filtered; and that your application is protected against other methods of exploiting common threats like Cross-Site Scripting.
The very nature of the cloud means that resources are shared as they are needed. Traditional perimeter security in the cloud doesn't work in the same way. For instance, using Amazon's Web Services you may find yourself restricted when it comes to checking logs and deploying tools like traffic sniffers and intrusion detection systems. Essentially, its not your perimeter so the way you used to protect it has changed. Some terms of service even prevent you from running vulnerability scans making it virtually impossible to perform a code review. For PCI compliance, this can present a major problem.
Even though data and applications running in the cloud are exposed to a number of security threats, a strong push form industries such as healthcare and ecommerce, as well as support from Google, IBM, Amazon, and other IT powerhouses, means that solutions to these security related problems need to be identified.
One way to protect against threats to your web applications and data is to deploy a Web application Firewall as a software solution. No additional hardware is required on the part of the cloud provider and in can be installed directly in front of your web facing applications.
When deployed correctly, a Web Application Firewall protects your web applications from known threats including:Known wormsRemote Command ExecutionProbesDenial of Service attacksCompromised servers
Web application Firewalls also take traditional security much further. By performing a deep inspection of traffic on the web service layers they are able to stop threats that intrusion detection and prevention systems often miss.
Cyber criminals attack the most vulnerable web sites, and they attack the biggest possible pool of victims they can. As more IT departments are forced to scale back, cost saving initiatives like cloud computing become even more attractive.
While cloud computing provides managed services, you are still responsible for compliance. No provider will assume this responsibility for you simply because they are managing your applications and data. In order to comply with regulations like PCI DSS, HIPPA, SOX, and the many others it is essential that security be one of the most important factors when making the decision to move to the cloud.
What sets Student Shelter apart is that it offers comprehensive protection against threats to web applications while being one of the easiest solutions to use.
By acting as a Security-as-a-Service solution, Student Shelter is able to provide protection to web servers whether the admin has an extensive background in security or just a minimal amount of knowledge on the subject. In just 10 clicks, a web administrator with no security training can have Student Shelter up and running. Its predefined rule set offers out-of-the box protection that can be easily managed through a browser-based interface with virtually no impact on your web site’s performance.
Architected as plug & play software, Student Shelter provides optimal out-of-the-box protection against DoS threats, Cross-Site Scripting, SQL Injection attacks, path traversal and many other web attack techniques.
The reasons Student Shelter offers such a comprehensive security solution to your web application security hosted in the cloud are:Strong security against known and emerging hacking attacks – even zero-day vulnerabilities can be stopped before they exploit your web site.
Best-of-breed predefined security rules for instant protection.Interface and API for managing multiple servers with ease. This works especially well with multiple virtual servers in the cloud.Requires no additional hardware, and easily scales with your business. Your cloud provider is not required to do anything. The software can be easily installed by your staff without the need for additional support from your cloud provider.
Student Shelter 's unique security approach eliminates the need to learn the specific threats that exist on each web application. The software that runs Student Shelter focuses on analyzing the request and the impact it has on the application. Effective web application security is based on three powerful web application security engines: Pattern Recognition, Session Protection and Signature Knowledgebase.
In today’s inter-connected web environment, where all organizations have a cloud presence and users access the Internet from all over the world using public and private networks, you need on-demand web security for the cloud. Detailed, customizable reporting provides visibility into web traffic and granular web application and operation controls. IT administrators have actionable intelligence to instantly create and apply new policies to all users, including roaming workers on external networks. Blue Coat’s cloud-delivered Web Security Service leverages our web and security partnership with 15,000 of the largest global enterprises, including 88 of the largest companies in the world, providing you comprehensive protection against web-based threats for all users regardless of location.
Webmaster Feedback: [email protected]
All Rights Reserved Copyright, 2010-2020 Student Shelter In Computers ®