I have been working with Clouds since before the coining of the term itself (back then, the startup I was working for called it "Agile Infrastructure"; now it's known as "IaaS"). From the very beginning, a frequent blocker to adoption has been the question of security. "We can't go to the Cloud because it is simply not secure," goes the complaint.
Well, I'm here to say it's bunk -- pure bunk. There is NO new security problem in the Cloud.
There is, in fact, a security problem in external Clouds -- but it is already in your data center right now.
If you take a truly secure system and place it in an external or hybrid cloud, it will remain secure. Simply exposing a secure system to a larger number of potentially hostile assailants is not enough to make it vulnerable. No, a truly secure system is designed to remain that way even during escalating pressure.
The problem is that very few of our current systems are truly secure. They rely heavily on the notion that threats are few behind the corporate firewall, so they don't need to have air-tight security. That concept is -- and always was -- a mistake. And now that conditions are changing in the Cloud, the inappropriate assumption is causing major headaches. The leaks in the boat are becoming apparent now that it is finally in the water....