When asked about cloud computing and security, Citi's Gleason offered her own advice, saying businesses should reasonably expect to be able to conduct some type of ethical hacking on the cloud service providers they want to use in order to test their security. Not only should that be in any contract, but also a provision that your business should be notified in the event the cloud service provider is hacked. She said companies should expect both their business partners and vendors, including security vendors, to make their security policies and practices plain since they are all close to valuable business data.
Zandoli said it's certainly a concern that there is a shortage of security professionals to hire. But every company has to try and be a "hardened target" as best it can since the whole situation is akin to "a cyberwar and surprise is a great advantage for adversaries."
This situation of constant threats and attacks means "unfortunately, the bad guys are often one step ahead of us," acknowledged Gleason, which she added, makes cybersecurity a job interesting though occasionally depressing.