It is really an easy one, I suppose … so many business and IT decision makers told me that as the reason of not implementing / migrating their systems to the cloud.
However, truth is that data and systems residing in public or private clouds are as secure as you make them. Typically, cloud-based systems can be more secure than existing internal systems if you do the upfront work required.
For example, I am pretty sure the physical security, patch management and many other security measures are better implemented by Cloud Services Providers than your own IT department.
Check out the Security Guidance from Cloud Security Alliance and COBIT from ISACA for more details and the techniques, and I am sure you can implement a secure cloud system.
Cloud experts, any thoughts ?