A recent survey of 301 U.S.-based IT security professionals found that fully 87 percent of respondents plan to migrate to a security-as-a-service model within the next year.
The survey, conducted by 451 Research and sponsored by OPAQ Networks, also found that almost 40 percent of respondents said part-time employees, contractors and Managed Security Service Providers (MSSPs) manage their security workload.
Eighty-two percent of respondents said they spent 20 to 60 hours a week of in-house staff resources on procuring, implementing and managing a variety of security products.
"The security challenge for mid-tier businesses is multi-dimensional," 451 Research analyst Daniel Cummins said in a statement. "For these businesses, everything seems to be increasing -- attack frequency, compliance requirements, complexity, costs, and the number of security products that need to be managed."https://o1.qnsr.com/log/p.gif?;n=203;c=204660770;s=9477;x=7936;f=201812281321530;u=j;z=TIMESTAMP;a=20396194;e=i
Almost three quarters of respondents dedicate between three and five full-time employees to managing their security, with a total cost of $178,000 a year just for network security for the average mid-tier business.
Shifting to Security-as-a-Service
Forty percent of respondents expect their network security spending to increase by 10 to 20 percent over the next 12 months.
As a result, 72 percent of respondents said they prefer security-as-a-service over on-premise (19 percent) or MSSP (9 percent) solutions for managing security.
"We thought there would be a preference for the ease and simplicity of security-as-a-service solutions, but we were genuinely surprised by both the degree and urgency of the market demand," OPAQ chief strategy and technology officer Ken Ammon said in a statement.
"MSSPs are and will continue to play an important role in advising and supporting incident response, but this study reveals that MSSPs should look to leverage cloud-based solutions in order to deliver what the market is demanding," Ammon added.
Respondents' most desired cloud-based security functionality includes data loss prevention, network access control and encryption.
Over 60 percent of respondents said legacy IT is the greatest barrier to improving visibility and control within their networks, followed by budget limitations at 27 percent.
Managing IT Pros' Time
Separately, a recent survey [PDF] of over 150 North American IT decision makers found that just 11 percent of IT pros' time is spent on IT planning and strategy, and just 13 percent is spent on modernizing technology.
The survey, conducted by Spiceworks and commissioned by Carbonite, also found that 42 percent of respondents faced malware attacks last year, 40 percent were impacted by phishing, 26 percent experienced ransomware attacks, 25 percent were hit by spyware, and 13 percent suffered DDoS attacks.
The majority of respondents said their company isn't currently prepared to handle these threats.
"In a time when data threats are more prevalent than ever, it's important IT teams have the capacity to focus on mission-critical tasks as well as proactively preparing for threats and strategizing ways to innovate their existing technology in order to facilitate a safe and secure organization," Carbonite chief evangelist Norman Guadagno said in a statement.