According to John Colley, despite the fact that security professionals are getting to grips with new technologies, companies are set to stumble into new areas for putting data at risk with the do-it-yourself (DIY) accessibility of cloud computing.
Coupled with a recovering economy, the (ISC)2 director warns about companies moving into new IT initiatives such as cloud computing before they can be properly resourced.
"After the cut-backs in 2009, most businesses will be eager to re-engage business initiatives. They should beware of rushing in without giving proper consideration to the security requirements however especially since security teams and projects have been pared back to minimum requirements it will take time to build them back up", he said.
Colley added that, adding to this dynamic is the concern that cloud computing will make it very easy for people to get around the internal limitations of their IT department.
In an Autumn 2009 poll of over 300 (ISC)2 certified security professionals, he explained, researchers found that more than 92% of respondents anticipate employees will circumvent the IT department to trial software-as-a-service (SaaS) or cloud based solutions
"On the one hand, a carefully controlled migration to cloud base services with suppliers that can demonstrate a real appreciation for security can enhance a company's security stature", he said.
"On the other, the newly developed do-it-yourself ability for all risks uncontrolled placement of data with cloud service providers of all abilities", he added.
Against this backdrop, Colley said that businesses face a significant learning curve during which the opportunity to put data at risk will multiply.
Because of this, he advised information security professionals to put more emphasis on user accountability.
"It has never been enough to secure the systems; data is manipulated by the people that use it and they are the ones introducing much of the new risk of its compromise", he said.
"The good news is both business and individual users trusting cloud services will not tolerate data compromise for long. This will force them to prioritise security and in turn impact priorities for the developers serving this sector", he added.