This was the claim of Philippe Courtot, chairman of security company Qualys, speaking at the RSA Conference in San Francisco last week.
"We know that it's getting harder and harder to secure the current computing infrastructure and something has to change. Fundamentally there are too many variables and too many security patches," he said.
Read more: RSA Security Conference
"The burden today is on the enterprise: they have to select the components, the servers, the routers and the applications, and to add insult to injury they have to secure that."
According to Courtot, the burden of security on organizations is too great, and the cloud is potentially the answer.
Proponents of cloud computing often point to the ability it gives businesses to buy services themselves, bypassing the IT organization. Courtot warned: "If you resist the move to the cloud you will be replaced. Resistance is not an option."
However, he still sees a role for the internal IT security team: "The security people will have a more strategic role because they will be selecting the correct partners," he said.
The complexity of combining cloud applications with traditionally sourced applications will also secure an important role for IT teams, at least in the short term.
Chief information officers, however, remain sceptical of cloud computing, and recent research by silicon.com saw it branded this year's most overhyped technology.
According to Courtot, a number of improvements are needed before cloud computing will be able to take off, including the development of more secure browsers, stronger authentication and federated ID in the cloud, secure open protocols and standards, and legal and contractual improvements.
This article was originally published on silicon.com.