At the end of my Cloud Expo West presentation last week, I was asked, "How can we verify that a cloud provider actually has all of these infrastructure and security mechanisms in place?" It's a great question, one that deserves a fuller answer than I was able to give in the time available. So here's a more detailed version of my response.
The primary options -- certifications and inspections -- could be added as a requirement in your contract with the cloud provider. Currently, there isn't one formal standard for cloud computing certification, but the following are increasingly being used:
FIPS 200/SP 800-53