The GAO says that says that the Feds haven’t done enough about a cloud strategy, including security. Isn’t it too late to worry about that? Enterprises, government, and even individuals, driven by cost considerations and dubious cost/benefit analyses, continue to flock to the cloud regardless of security concerns.
After all, if it’s an Internet-facing application, does it really matter whose application it is or where the data resides? Enterprises haven’t done a great job of protecting data when it’s stored in-house. How can the cloud be any worse?
As Jim Tiller pointed out, there’s a change coming in information security, from protect and detect to respond. Protect isn’t working too well, and detect is too slow, especially in the face of APTs. Attacks are increasingly more sophisticated, whether from governments or organized crime, and data increasingly less secure, regardless of where is resides. The days of reactive security are nigh.