With mid-market companies feeling an increasing need to devote time and resources to network security, the security-as-a-service model is gaining traction, according to new research released yesterday by 451 Research.
"The security challenge for mid-tier businesses is multi-dimensional," Daniel Cummins, analyst at 451 Research, said in a statement. "For these businesses, everything seems to be increasing â attack frequency, compliance requirements, complexity, costs and the number of security products that need to be managed. Cloud-based security-as-a-service offers potentially significant advantages in terms of simplicity and access to security that may prove to be less complex and expensive than traditional approaches."
451 Research's Network Security Market Study was commissioned by Herndon, Va.-based security-as-a-service provider OPAQ Networks. The study was fielded in the first quarter of 2017 and surveyed 301 IT security professionals at U.S.-based businesses with 500 to 2,500 employees.
Eighty-two percent of study respondents said they spend 20 to 60 hours a week of in-house staff resources to procure, implement and manage security products. Nearly 75 percent of respondents said they dedicate three to five full-time employees to manage their security. The financial hit to these businesses averaged $178,000 annually just for network security, representing 39 percent of an organization's total IT budget.
Security isn't cheap
Respondents also indicated that they expect the financial burden of network security to continue to increase. 451 Research concluded network security spending will grow nearly twice as fast as overall IT security spending over the next five years. It projects a compound annual growth rate (CAGR) of 8.9 percent, from $2.4 billion in 2016 to $3.5 billion in 2021. Forty percent of the survey respondents projected their spending on network security would increase 10 to 20 percent in the next 12 months.
Nearly 40 percent of the survey respondents said their security workload is currently managed by part-time employees, contractors and Managed Security Service Providers (MSSPs). But things seem to be swinging in favor of a security-as-a-service model: Seventy-two percent of survey respondents said they have a preference for security-as-a-service, compared with nine percent who preferred MSSP and 19 percent who preferred on-premise solutions for managing security.
"We thought there would be a preference for the ease and simplicity of security-as-a-service solutions, but we were genuinely surprised by both the degree and urgency of the market demand," Ken Ammon, chief strategy and technology officer, OPAQ Networks, said in a statement Tuesday. "Eighty-seven percent of respondents said their timing for migrating to this type of network security delivery model was within a 12-month time frame. MSSPs are and will continue to play an important role in advising and supporting incident response, but this study reveals that MSSPs should look to leverage cloud-based solutions in order to deliver what the market is demanding."
451 Research study also found the following:
- Data loss prevention, network access control and encryption are the most sought-after cloud-based security capabilities, followed by threat management, application control, SSL decryption and URL filtering.
- Threat management and branch office enablement and optimization were the top cloud-based security use cases cited by respondents, followed by multiprotocol label switching (MPLS) displacement, MSSP displacement, on-demand security and securing SaaS applications.
- More than 60 percent of respondents cited legacy IT as the greatest barrier to improving visibility and control within their networks, followed by lack of budget (27 percent).