Network security is migrating to the cloud, according to a recent 451 Research study. The study found 72 percent of respondents indicated a preference for security-as-a-service over on-site solutions or outsourcing security to a third party.

The survey, commissioned by security-as-a-service firm OPAQ Networks, also found the average mid-tier company spends $178,000 annually on network security — this represents 39 percent of an organization’s total IT security budget — and 20 to 60 hours of in-house staff resources.

This dollar figure will grow nearly twice as fast as overall IT security spending over the next five years, from $2.4 billion in 2016 to $3.5 billion in 2021, the survey found. This represents a compound annual growth rate of 8.9 percent. Forty percent of respondents said they expect their spending on network security will increase between 10 to 20 percent in the next 12 months.

Some 301 IT executives at U.S.-based businesses with 501-2,500 employees responded to the survey during the first quarter of 2017.

Mid-tier businesses’ security challenges — from attack frequency to complexity and costs — are increasing, as are the number of security products to be managed, said Daniel Cummins, 451 Research analyst in a statement. “Cloud-based security-as-a-service offers potentially significant advantages in terms of simplicity and access to security that may prove to be less complex and expensive than traditional approaches.”

Although nearly 40 percent of respondents said part-time employees, contractors, and managed security service providers (MSSPs) manage their security workload, 72 percent said they would prefer security-as-a-service. This is compared to MSSP (9 percent) or on-premises (19 percent) security solutions.

Additionally, 87 percent said they plan to migrate to security-as-a-service within the next 12 months.

Other findings include:

  • The most desired cloud-based security capabilities were data loss prevention, network access control, and encryption, followed by threat management, application control, SSL decryption, and URL filtering.
  • The top cloud-based security use cases cited were threat management and branch office enablement and optimization, followed by multiprotocol label switching (MPLS) displacement, MSSP displacement, on-demand security, and securing software-as-a-service (SaaS) applications.
  • More than 60 percent cited legacy IT as the greatest barrier to improving visibility and control within their networks, followed by lack of budget at 27 percent.