Of course, you and I know the dangers come primarily from the people with administrative control and any physical connection to the outside world. Where these boxes sit is way less important than the electronic defenses and governing procedures surrounding access.
Yet, executives cling to the belief that their IT department will somehow manage to protect their systems and data. Putting this responsibility in the hands of a third party somehow introduces an additional level of risk.
My faith in cloud providers was shaken a bit, though, when I read about the recently exposed security flaw in Amazon AWS. Researchers uncovered an electronic loophole which would have allowed the bad guys to take administrative control of the AWS environment. Very scary to think someone might have discovered the back door to the fort was left open so anyone could waltz in and take over.
It is true cloud providers like Amazon may have the best of the best. But we certainly know that nothing is perfect and it is likely that other security holes will be found. Attackers may anticipate a greater payoff in hacking a cloud service than going after any single company. I was reminded of Willie Sutton who, when asked why he robbed banks, replied, "..because that's where all the money is."
One cloud provider may be supporting the systems of thousands of different customers including some applications for major corporations. A successful hacker would be a kid in a candy store -- at night, after close, with no parents around. Why spend time breaking the lock on the front door of a house when you could compromise the card key system in a thousand room hotel.
Given the number and frequency of high profile security breaches, no one knows how to maintain absolute security. I'm going with the safety in numbers theory and suggest taking your chances with cloud services.
Follow me on Twitter @JPuglisiLLC