Software-as-a-service (SaaS) is set to grow into one of the most important ways for SMBs to buy security technology, an IDC report has predicted.

According to the analyst's Worldwide Web Security 2008-2012 Forecast, interest in hosted security will buck the troubled economy in developed countries to record nearly 50 percent per annum growth rates over the next four years.

The overall spending will still be relatively modest, rising from 2007's $49.3 million (approx £28 million) annual revenue, to an estimated $365 million (£208 million) by 2012. That will still make hosted security the fastest-growing sector in the $1.4 billion web security market, which includes appliances and desktop software.

"Most of the security investment in SaaS has been in the messaging security market. However, according to our latest survey results, that's about to change," says author Brian E. Burke, who predicts hosted security will also become an important way of accessing URL blocking, vulnerability assessment, VPN remote access, and secure backup.

SaaS-based security will make inroads across all types of company, but especially among SMBs, defined as organisations between 100 and 1,000 employees in size.

"Many companies, especially in the SMB segment, lack the in-house capabilities to keep up with the changing web security landscape and challenges. For them, a SaaS approach to securing their businesses is fast becoming an attractive alternative," says Burke.

It's hard to tell which vendors will benefit most from the popularity of SaaS for security services. The current leaders are ScanSafe, MessageLabs and Websense, but these vendors sell mostly email filtering-based SaaS.

Vendors such as Webroot - which have set out to bundle other aspects of security such as web filtering to this basic model - have yet to make a significant impact. The market is still very immature; Symantec, McAfee and hosting services giant Google barely figure.

The full report can be purchased as a download from the IDC website.