An article on Cloud Security: Good Bad and Ugly highlights some of the FUD. The questions asked are very much valid (I have updated a few with my interpretation):
- Who audits (security, data storage and use, updates to provider infrastructure may change security threat model, etc) a Cloud provider?
- Are background checks done on the Cloud provider operators?
- How is data stored on Cloud provider protected - from hackers, Governments, disaster, etc?
- Some Cloud providers have teamed up with boutique security consulting firms. What does it really mean?