Gartner is predicting good times ahead for the security-as-a-service market, with the industry set to be worth as much as $4.2 billion by 2016 as businesses strive to reduce IT security costs by shifting these products into the cloud.

The forecast comes from Gartner’s newest report, Demand for Cloud-Based Offerings Impacts Security Service Spending, which comes in the wake of a previous study last January where it claimed that the cloud would host around 10% of all IT security products by 2015.

Eric Ahlm, Research Director at Gartner, based his estimates on the growing demand from businesses that see cloud-based IT security as a way of counteracting a lack of staff and skills. Other drivers include a bid to reduce costs associated with IT security, and a need to comply with security regulations rapidly.

“This shift in buying behavior from the more traditional on-premises equipment toward cloud-based delivery models offers good opportunities for technology and service providers with cloud delivery capabilities, but those without such capabilities need to act quickly to adapt to this competitive threat,” concludes Ahlm in his statement.

The most commonly used security-as-a-service tools are all expected to see major growth in the next three years. These include web security services, email security, website fraud protection services, identity and access management (IAM), application security testing and web application firewalls.

In addition Gartner says that one of the fastest growing areas is likely to be the little known “security information and event management as a service” or “SIEM”, which is attracting interest from enterprises looking to address regulatory compliance concerns and reduce costs associated with log management, security event monitoring and compliance reporting. However, there are some challenges that need to be addressed in this area, most notably the fact that many businesses are cautious about storing sensitive log information within the cloud.

More broadly speaking, Gartner predicts that the influence of security-as-a-service on the wider IT security market is set to grow significantly over the next few years, as organizations look for the most cost-effective security deployments. Simply put, the value offered by cloud security providers will become so great that organizations won’t be able to ignore it for much longer.

“The value that cloud services bring to security buyers is measurable in terms of capital and operational cost reduction,” claims Ahlm.

“Security providers that currently offer only a hardware/software-based solution requiring implementation should build product road maps that allow customers to move to the cloud at their pace.”