Press Release

STAMFORD, Conn., January 22, 2013 View All Press Releases

Gartner Predicts Cloud as a Delivery Model to Shape Buying and Prioritization of Security

Analysts Identify Key Security Solution Predictions for 2013 and Beyond

Increased adoption of cloud-based computing is expected to impact the way security is consumed as well as how key government agencies will prioritize security of public cloud infrastructures, according to Gartner, Inc. The growing importance of public clouds, along with the ever-persistent threat on private and public sectors' infrastructures, is expected to result in the U.S. government declaring them a critical national infrastructure.

"The popularity and increased adoption of cloud-based security services, albeit at different degrees, will influence the shape of future security marketplaces," said Ruggero Contu, research director at Gartner. "Deployments of virtualization, and its replacing of traditional physical hardware platforms, are expected to impact the deployment model of future network security capabilities, which are expected to be based increasingly on virtual security appliances."

Gartner has made three predictions about the security solutions industry for 2013 and beyond:

By 2016, public cloud infrastructure will include and be mandated to critical national infrastructure regulations by the U.S.

In lieu of poor economic and debt conditions globally, governments continue to seek ways to reduce their IT operating expenditures, eliminate duplication across their IT organizations and optimize their compute resources. Several key governments have created initiatives for the adoption of cloud-based services but have yet to experience significant negative impacts due to their cloud services adoption in the form of disruptions or attacks on cloud services providers. As the economy becomes heavily reliant on public cloud infrastructure for everyday computing activities, cloud services disruptions will pose greater risks to the overall economy and eventually become a threat to national security in the form of economic disruption.

"Public cloud services providers will need to comply with critical infrastructure protection mandates for systems outside of the scope of just federal government use under the FedRAMP program (Federal Risk and Authorization Management Program)," said Lawrence Pingree, research director at Gartner. "Security technology providers will need to prepare their technologies in order to address potential mandates for critical infrastructure protection of public cloud environments. Providers that lack the ability to offer compliant security controls to address critical infrastructure protection mandates will likely face sales difficulties in cloud environments and may be filtered from shortlists based on emerging critical infrastructure protection requirements."

By 2015, 10 percent of overall IT security enterprise product capabilities will be delivered in the cloud.

Growth rates for cloud-based security services are set to overtake those of traditional on-premises

security equipment over the next three years with operational cost reduction, flexibility of deployment across multiple IT environments, and fast implementation and product updates among major factors driving demand. A number of factors will inhibit higher adoption of cloud-based security services as not all businesses will be able to benefit from this delivery model in equal measure. Those organizations located in geographies where Internet connectivity is unreliable or that require high levels of product customization will be at a disadvantage in utilizing this form factor.

Growth opportunities are present across different regions and countries, but Gartner expects North America to provide the majority of spending.

"The biggest opportunities currently center on areas such as messaging and Web security as well as remote vulnerability assessment," said Mr. Contu. "However, as maturity evolves a wide variety of security offerings will emerge, such as data loss prevention (DLP), encryption and authentication, to be increasingly available in the cloud. As new startup players establish themselves with innovative offerings, established players will look to acquire them to expand their portfolios with new capabilities and remain competitive."

By 2015, 20 percent of the VPN/firewall market will be deployed in a virtual switch on a hypervisor rather than a physical security appliance.

Physical network security appliances, such as server mobility and simplified architecture, can inhibit key virtual server benefits customers seek. Partnering with hypervisor providers has become critical to offering network security on the virtual switch. Virtual switches allow for new firewall players such as host-based security software companies to enter the network firewall market. Since a virtual switch is one level of abstraction away from the physical data switch ports, providing network security is no longer just for physical network providers. Hypervisor providers are moving firewall offerings from the data center to the network edge. This could be key for new network firewall players leveraging hypervisor technologies to gain firewall market share outside of the data center.

"Growth in the firewall market could come from virtual players," said Eric Ahlm, research director at Gartner. "To date, the virtual firewall market has been limited to data-center-class firewalls, which make up the minority of the total firewall market. A push from the virtual providers to bring their technology to the edge could be a key accelerator to the virtual switch market growth. Enabling the key benefits of virtualized servers, while not compromising security, is becoming a key requirement for network data-center-class firewalls while transportability of network firewall controls outside of a customer's data center to a third-party provider is essential to customers using these providers for more critical systems."

More detailed analysis is available in the report "Predicts 2013: Security Solutions." The report is available on Gartner's website at

More information on Gartner's top predictions for 2013 will be presented in the webinar "Top Technology Predictions for 2013 and Beyond" taking place February 27 at 8 a.m. and 11 a.m. EST. To register for this complimentary webinar, please visit

More information on security solutions and management will be presented at the Gartner Identity and Access Management Summit 2013 taking place March 11-13 in London, U.K. More information can be found at Members of the media can register to attend the event by contact Rob van der Meulen at

Information from the Gartner IAM Summit 2013 will be shared on Twitter at using #GartnerIAM.

Gartner analysts will also look at the outlook for security solutions at the Gartner Security & Risk Management Summit 2013 taking place June 10-13 in National Harbor, MD, August 19-20 in Sydney, Australia, and September 18-20 in London, UK.  More information on the U.S. event can be found at  Details on the U.K. event are at Members of the media can register for press passes to the Summit by contacting (U.S.), (Sydney) or (U.K).

Information from the Gartner Security & Risk Management Summits 2013 will be shared on Twitter at using #GartnerSEC.

About Gartner

Gartner, Inc. (NYSE: IT) is the world's leading research and advisory company. The company helps business leaders across all major functions in every industry and enterprise size with the objective insights they need to make the right decisions. Gartner's comprehensive suite of services delivers strategic advice and proven best practices to help clients succeed in their mission-critical priorities. Gartner is headquartered in Stamford, Connecticut, U.S.A., and has more than 13,000 associates serving clients in 11,000 enterprises in 100 countries. For more information, visit

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.