The cloud -- and outsourcing in general -- breaks off pieces of the stack beneath any given application. That removes the stack from an enterprise CISO's control, and that's not good.

That, according to Wendy Nather, a senior analyst in The 451 Group's enterprise security practice. She spoke out about the problem at the firm's client security event Dec. 1.

Even consolidated security offerings that try to unify the stack are no longer as useful, said Nather, in a presentation entitled, "How the Cloud Breaks Application Security (and a lot of other things)."

There's less to manage, she noted, and unifying management technologies like identity and access management and governance risk and compliance have less to work with, too.

The link for this article located at CSO Online is no longer available.