BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
The lack of cloud visibility is expected to drive big changes, many of which will be hot topics at RSA Conference 2015.
Security experts predict that the industry's biggest annual confab will highlight emerging technologies and techniques to better identify when an attacker gains access to an enterprise cloud application or service.
The lack of cloud computing visibility has long been a major concern for security professionals and enterprises. While experts say the focus of enterprise security teams should be on preventing attackers from gaining unauthorized access to an enterprise via compromised cloud credentials, they say it's difficult -- if not impossible -- to see what those attackers are doing.
"Someone hacking Microsoft or Salesforce.com or a major cloud provider is not the concern," said Jim Reavis, co-founder and CEO of the Cloud Security Alliance. "The concern is that someone is going to gain access to your accounts, and you won't know it because it's not your infrastructure."
As a result, it's difficult for vulnerability scanning and penetration testing to determine if a cloud account has been comprised -- and even more difficult to tell if it's being used maliciously.
Johna Till Johnson, CEO of Nemertes Research Group Inc. in Mokena, Ill., said the cloud represents a "gaping hole" in terms of security visibility.
Because of that lack of visibility, attacks are leveraging cloud apps and services to exfiltrate data from enterprises, according to Kamal Shah, vice president of products and marketing at cloud security vendor Skyhigh Networks, Inc.
"Increasingly, we're seeing cloud services being used to get data out of the enterprise," Shah said. "What's happening is the cloud is becoming a cybersecurity blind spot."
Improving cloud visibility
Luckily, there are some emerging options to clear up that blind spot in the cloud.
Learn more about how Facebook is using big data security analytics with its ThreatData framework