Not only is cloud computing regarded as secured by experts, their staff can be trusted. They shouldn't be though. Here's why, and it's not the reason you're thinking.
Like most contempt-worthy buzz words, cloud computing, or now just cloud, masks the true meaning. So let's clarify here and now for the rest of this article, and hopefully the rest of time for all. Cloud means someone else's computer(s)!
This may be of comfort to some, in that they haven't to worry about capexs or overhead of on-site facilities. But it might not be to others with regard to system and data security and/or privacy.
The industry has been around long enough now to reveal an interesting result on the matter though. Security breaches reported in the news so far usually don't include cloud service providers. Exactly why is debatable, but providers and their customers often cite a reason as having security experts on the provider's staff, concentrated with all their experience scaled across the entire cloud they provide.
Those with any true concern shouldn't be comfortable just yet. What about the cloud provider themselves, and their employees?! A rational person would be quick to notice and respond that it's in the cloud provider's best interest not to violate trust of their customers.
So there it is. We can all breath a sigh of relief and rest easily now on our comfy clouds knowing they are safe with providers and their security experts.
Unfortunately, this isn't the correct approach. Even if true, and it might very well be, customers should regard cloud as convenience only with added insecurity of their systems and data being in others', with root access and possibly malicious intent, physical control. Gamification if you will, in that it should incentivize cloud customers to implement security from where it should start anyway; project inception.
Let's face it. Security and privacy should be an active campaign by us all, and not a passive matter left up to cloud providers. Having large attack surfaces and the public target exposure they do, cloud providers are constantly fending off attacks. Cooperation from customers to also implement security themselves and having such a well-recognized cooperative cloud campaign with providers would, not only be a good backup defense should cloud security be breached, but also do well to discourage attacks on cloud providers from being considered. Even from within.
As a subject, cloud computing is a about as big as real clouds. And just as faceted (e.g. cumulus, stratus, etc.), in that what it means and matters to organizations differs significantly. This will necessitate a series, so please look forward to more articles here on the subject of cloud computing.