Depending on whom you talk to, cloud security is either the industry's biggest oxymoron and won't be resolved anytime soon or it's no big deal because cloud vendors typically have tighter security than do any of their customers.
Wherever you fall on that continuum, the notion of security comes up as a key concern in many surveys on the topic, so it's clearly top-of-mind at most IT shops. There are a few security standards initiatives that might eventually help clear up matters (see sidebar below), but those are a long way from being ready to implement.
One thing is clear, experts say: Don't assume anything before doing your own due diligence. "It would be nice to think the vendors are doing a great job [of protecting the data] and they are building a highly robust application framework that provides a high level of security," says Jay Heiser, an analyst at Gartner who studies risk in the enterprise and regulatory compliance.
"The biggest frustration is determining whether they did that -- if a provider cannot give you definitive evidence [through testing and data verifications] that their product is [as] secure as they say it is, you have no ability to make a business decision to use it," Heiser adds.