Six burning questions about network security

The second in-the-cloud type is what Gartner prefers to call"security as a service," which is "totally divorced from a bandwidth service," Pescatore says. Using an antispam service, for example, involves redirecting the MX record to the service provider but doesn't entail specific bandwidth services tied to one single carrier.

This genre includes e-mail spam and antivirus filtering; vulnerability scanning; and Web filtering. What it doesn't include, by and large, is either DLP content monitoring and filtering or identity access and management, which are tightly coupled to internal business changes.

Using security-as-a service in the cloud makes a lot of sense to protect mobile laptops or provide protection for widely distributed branch offices, Pescatore says."For the very large global corporations, this is attractive," he says.

However, most companies will probably find it as easy and cost-effective to continue to guard internal operations by deploying their own security gear to filter spam, viruses and restrict Web access.

There are potential risks to filtering services. You might not want to transmit sensitive business transactions through this kind of third-party service. And, there's always a chance the service might go out of business.

All of these in-the-cloud services are still fairly new, seeing a growth spurt only in the past three years, Pescatore says, with MessageLabs, Microsoft, Google's Postini and Websense to be counted among the vendors. Gartner estimates that in-the-cloud e-mail security services don't account for more than 20 per cent of the total e-mail security market but will jump to 35 per cent by year-end and 70 per cent by 2013.

According to research firm IDC, last year the market for e-mail security software was US$1.38 billion, and appliances another US$692.2 million. In-the-cloud services, which IDC calls hosted services, were US$454 million. Software and appliances are expected to continue steady growth (see chart), and hosted services will jump to US$638 million this year and US$1.39 billion by 2011.

This kind of expansion of in-the-cloud services encourages the Jericho Forum, an organization of about 60 corporations which has been actively pushing for innovative e-commerce security that reaches outside the traditional corporate boundary of the perimeter.

"Web filtering in the cloud has only taken off in the last 16 months," says Paul Simmonds, a member of the Jericho Forum board."There are many more in-the-cloud services today than there were a few years ago." Simmonds said the"disappearing perimeter" in corporate networks is making in-the-cloud security services an appealing option that many businesses are exploring today.