The good news is that 50% of data threats come from within. With the move to the cloud I expect that percentage to change, with the difference being the access required for "inside" users to interact with cloud applications and services.
The bad news is that available bandwidth and access complicate the real-time data collection capabilities. I predict that the forensic community and vendors like Network Instruments will come up with new ways of collecting the data and signatures required to document illegal activity.
Thanks to Ken Westin and TripWire's The State of Security
The Coming Storm: Forensics in the Cloud | The State of Security