"At the end of the day, the capabilities and economics around the cloud computing model are so compelling that when you artificially try to not take advantage of them you impact your ability to compete, because others will take advantage of them," Heim said. Whirlpool recently decided to move about 30,000 employees from an on premises IBM Lotus Notes system to the Google Apps public cloud email and collaboration suite.
"We believe we have a very good plan in place to make sure we're just as compliant and secure, if not more so, than we were before," Heim said.
There are ways to mitigate risks associated with cloud computing, as well as precautions, safeguards and best practices that can be adopted, IT executives said. For example, companies should examine what prospective cloud vendors offer in terms of data center redundancy, IT and physical security, risk mitigation, operational practices and government and industry certifications. IT executives can also complement cloud vendor offerings in these areas with best practices and security wares on their end, like systems that encrypt data before it's transmitted to the public cloud servers.
More than government snooping, IT chiefs appear to consider insider threats a more concrete and likely danger, including disgruntled employees or contractors like Snowden who out of malice or in retaliation expose confidential data or damage IT systems.
In fact, Snowden should serve as a reminder to CIOs to take precautions when hiring IT staffers and to put in place monitoring systems to alert them about rogue system administrators, said Alex Gorbachev, board member of the Independent Oracle Users Group and CTO of remote database administration company Pythian Group.
For example, email administrators may have unfettered, unaudited access to all mailboxes, he said. That means they could potentially browse through the CFO's messages and take a peek at preliminary financial reports. If such information were to leak, it could become a dicey situation for publicly traded companies.
Many database administrators have similar power. "Most organizations don't have a mechanism to track their activities 100 percent," Gorbachev said.
IT executives also worry about careless employees who may inadvertently compromise company systems in a variety of ways.
"Personally, I am more concerned about safe data handling practices by our users -- flash drives, use of public Internet access, lost or stolen tablets, phones and laptops, passwords on sticky notes -- than I am about the security capabilities of cloud service providers and the intrusion of governments or other entities," Brandon Robinson, network services director at ACES, a power management company in Carmel, Indiana, said via email. ACES uses cloud services for payroll, purchasing, expense reporting and some line-of-business transactional systems.
Another risk that shows up prominently on CIOs' radar screens are external threats, like malicious hackers and malware.
Government surveillance could become a bigger concern if a large company got burned by it -- for example, if a government had surreptitiously collected a considerable amount of confidential data from a company, and a malicious hacker broke into the government's system and exposed the data. But there hasn't been a high-profile case of that sort yet.
"If something like that happened, it would change the picture and have a profound impact," said Jay Heiser, a Gartner analyst. "Otherwise, it's premature for organizations to forgo the benefits of cloud computing, but it's also an opportunity to revisit security concerns in general."
At Needham Bank in Needham, Massachusetts, IT Vice President James Gordon, said the NSA scandal hasn't horrified enterprise IT leaders because "I don't think there's been a relevant connection to how it impacts an organization yet."