Australian companies may be among the most enthusiastic and progressive about cloud services in the world, but they're opening up new avenues for attack unless they complement cloud initiatives with efforts to identify control unmanaged privileged user accounts, a CyberArk executive has warned.The Israel-based company has ramped up its presence in Australia this year, chief marketing officer John Worrall told CSO Australia, with the initial one employee already growing to four in a matter of months and more on the way.Yet behind this demand, he added, are many cases of organisations pushing towards the cloud only to discover that simply replicating large numbers of servers in the cloud is duplicating vulnerabilities as privileged user accounts are similarly duplicated \u2013 and, often, left exposed in large quantities.\u201cYears ago the market was driven by regulatory compliance, but in the past 18 to 24 months we've definitely seen a shift in our customer base around the globe,\u201d Worrall said. \u201cThey are much more aware of the role of privileged accounts in cyber attacks \u2013 whether from internal staff, or outsiders who have come into the network and go rogue using the credentials they've been given.\u201dOver time, the number of additional accounts that systems administrators create can exceed the number of employees by a factor of 3 or 4: \u201cwe had one customer that had over 1 million privileged user accounts,\u201d Worrall recalled. \u201cThe numbers can be quite staggering.\u201dCloud's multiplier effect compounded the problem by creating additional instances of servers with privileged user accounts. These additional instances needed to be managed, either by limiting the lifespan of the virtual images that contain them, or by ensuring that privileged accounts are tracked and effectively managed.\u201cIt's not a technology challenge,\u201d he said, \u201cbut a process challenge.\u201dService providers as well as end-user customers bear the onus of controlling the environment's exposure to privileged access accounts, he added.\u201cIf you're putting your data into the cloud and it has privileged security, who is responsible for that security?\u201d he said. \u201cIf service providers can provide full access controls and privileged monitoring, they can go back to the customer to say 'we're doing our job and have the records to prove it'.\u201d\u201cIt's really about having the processes necessary to make sure that your service provider is doing the things they need to do.\u201dTo support these efforts, CyberArk this week integrated its Privileged Threat Analytics tools with McAfee's Enterprise Security Manager (ESM) platform, which can quickly block or downgrade privileged user accounts once they are correlated with malcious activity.Customers also needed to consider the exposures created by privileged user accounts in the context of new mobility initiatives that made network access points more exposed than ever, Worrall added.Given Australia's strong mobile usage and rapid-fire cloud adoption, businesses in this country faced a particularly strong burden to get on top of their privileged accounts: once malware had exploited such an account to get inside the network, he pointed out, it was already too late.\u201cThe customers I've met in Australia are much further along in providing cloud and solutions that manage privileged security in the cloud,\u201d he explained. \u201cThat's one area that Australia is unique and leading on.\u201d\u201cBut every business has something that somebody would want to steal \u2013 and once a hacker has privileged access to a system they don't need the malware anymore. Companies have to work on the assumption that attackers are already in the network \u2013 and, in cloud environments, this makes privileged account protection just that much more important because the attack surface is just so broad.\u201dThis article is brought to you by Enex TestLab, content directors for CSO Australia.