Gartner on cloud security: 'Our nightmare scenario is here now'

About the physical security appliances out on the market today, MacDonald said "these boxes are expensive," and he disparaged Cisco, Juniper and TippingPoint as "not having much going on now because they like to sell boxes."

When it comes to cloud computing services, the security professional is being pressured to "get out of the way" and figure out something that's "secure enough," said MacDonald, though the impulse will be to say no to the cloud.

Though the public cloud "makes sense for less-sensitive data," there are limits, such as "PCI stuff, no way," MacDonald said, referring to the data falling under the Payment Card Industry security requirements.

But there are going to be "trade-offs" as new cloud service offerings, and the stance the security professional should take is to clearly explain the risks to the business owners of the data and make sure they accept it, not push it back onto the security and IT department.

"They get all the accolades and you take all the risk, who wants that job" he pointed out.