One of the items that critics of clouds repeatedly hammer on is cloud security. It seems that having your data in the cloud on machines you do not control is very emotionally challenging to people. It also introduces real regulatory and standards compliance issues that you need to consider. In reality, the cloud can be made as secure as—or even more secure than—a traditional data center. The way you approach information security, however, is radically different.
A move into the cloud requires consideration of a number of critical security issues:
Legal implications, regulatory compliance, and standards compliance issues are different in the cloud.
There is no perimeter in the Amazon cloud; a security policy focused on perimeter security will not work with Amazon and should not be your focus, even with clouds that support traditional perimeter security.
Although there have been no publicized exploits, cloud data storage should assume a high-risk profile.
Virtualization technologies such as Xen may ultimately have their own vulnerabilities and thus introduce new attack vectors.
Unfortunately, the law and standards bodies are a bit behind the times when it comes to virtualization. Many laws and standards assume that any given server is a physically distinct entity. Most of the time, the difference between a physical server and a virtual server is not important to the spirit of a given law or standard, but the law or standard may nevertheless ...