Cloud Security Spending to Hit $3.5 Billion. Why That’s Major News.

According to new predictions from Forrester, spending on cloud security is expected to hit $3.5 billion within the next 3-4 years. The report makes clear that as more enterprises make the move to the cloud, CIOs and CISOs are emphasizing security solutions to protect their data and other technology investments. That emphasis is not about checklisting the box labeled “security”, but rather a recognition that for all the cloud’s advantages, there are corresponding security needs. The truth is that no enterprise can leverage the cloud without committing to a cloud security strategy.

Some of the awareness is a result of high profile breaches and the proliferation of malware and ransomware across all types of government and enterprise organizations. But more than that, it’s really an indication of maturity. The cloud delivers on so many promises of efficiency, reduced costs, and other operational benefits, but securing one’s data in the cloud is increasingly recognized as perhaps the single most important aspect of using a cloud platform. In other words, security IN the cloud is as critical as the cloud itself. Yes, I just said that.

What’s especially notable about Forrester’s research is that it encompasses all manner of services platforms; Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and of course, Software as as a Service (SaaS). The implication is that while this new concept of computing — hardware, software, integration, and everything transactionable through technology — is being embraced in a variety of forms, it is inherently in need of security. And not just a tool that provides monitoring, but an agent-less, continuous solution that functions in parallel (in both the sense of technology, and business importance) with overall cloud operations.

The Forrester report signals major progress for the discipline of security. That $3.5 billion won’t just be spent as replacement for legacy security tools. Rather, cloud users will add seats and functionality as their needs change; more integrations with additional applications, the addition of new AWS services, the adoption of more cloud regions to support enterprise growth. This isn’t just about selling more licences, because that’s not what the cloud is all about. Sure, the flexibility of the cloud architecture means that scaling is easier, but the security spend maps directly to the functional and business needs and changes that organizations need. What’s more, the cloud security vendors who stand to reap the most from this spending are not delivering layers of new products. When done correctly, their products are non-intrusive and automated in how they support DevOps, SecOps, and IT.

Let’s be very clear; the appetite for cloud security is not just a 1:1 type of equation. The cloud offers varying degrees of flexibility and continuous innovation, but it does so in an architecture that’s a bit more complex. Marketing execs at cloud vendors will tell you that you aren’t supposed to have to worry about this complexity. Yet, the trade-off for all the wonderfulness of the cloud is that you have more endpoints and openings (which provide major business and technology benefits) mean more opportunities for intrusions.

The good news in all of this is that these high profile attacks haven’t dampened the drive towards cloud adoption. Rather, there is an awakening among security, compliance, DevOps, and IT managers to the reality of security for mission critical applications. Because in this environment there is the flexibility to integrate and interact with more applications and across more digital channels, there is a corresponding need to change the mindset and solutions that address security and compliance in the cloud.

Enterprises that want to operate in the cloud have to move beyond the legacy security frameworks that governed on-premise environments. To secure those required a myopic mindset; safeguard that which is within our domain (and the domain could be easily controlled). Security for that type of architecture was very much about the surface of the network, and typically extended only to the firewall. Sure, that helped keep a lock on things, but it prevented enterprises from taking advantage of new types of marketable channels.

The cloud has proven itself to be a strategic asset for enterprises. Those enterprises are realizing that to maintain the advantages the cloud delivers to them, they have to have corresponding security that protects the very thing that is helping them define and operate with increased efficiency and better results.