Year of the Data Breach or Year of the Cloud?

Some people have been calling 2014 the year of the data breach. It's not difficult to understand why -- it seems that there is another breach in the news weekly, if not more often than that. People often ask me why there are so many breaches in the news of late. I can't say for sure, but I suspect it is some combination of these factors, among others:

• Crime does pay (attackers profit by compromising organizations)
• Difficulty in tracking down and prosecuting the attackers (for a variety of reasons)
• Better detection techniques
• Better information sharing
• Decrease in stigma for owning up to a compromise
• Greater security awareness among business leaders and executives

My thought is that 2014 will actually be remembered as the year of the cloud. Time will tell for sure, but I am already seeing a few indications that this may be the case:

• Small and medium-sized businesses are becoming more acutely concerned by the risks and threat landscape, causing them to seek economically viable security solutions for the SMB market (reference earlier "Security as a Line Item" blog posting).
• Tightening budgets inside enterprises and governments, causing those organizations to seek economies of scale for security solutions
• Shortage of qualified analytical talent, causing organizations to consider de facto analyst "time-sharing" arrangements
• Movement towards a "SOC Center of Excellence" model, allowing organizations to focus on their primary business (which is most often not security)
• Vastly increased interest in publications and blogs discussing the cloud

If anything, I would argue that the recent press on breaches has helped to accelerate the move to the cloud that was already underway. Each new breach that comes to light likely causes several organizations to move from the thought stage to the action stage. Perhaps the year of the cloud is upon us?