If you don't trust the security of the cloud, but aren't completely sure why, it's possible you haven't gotten your hands dirty enough to figure it out. That's true especially if you know everything there is to know about how to secure your corporate networks and servers against all threats. Your servers in the cloud are the same as they were in your data center. Only the IP addresses are different.
"The cloud" is not Oz; it's a data center. It's someone else's data center. It might work better than yours, have plenty of resources it can rent you whenever you need them and someone who smiles and speaks politely when you call with a question or a problem (rather than the incomprehensible argot of scowls, growls and obscure acronymicry sysadmins use to fend off meddling even from highly technical managers).
"The Cloud" is luxury co-location, hosting services with ease-of-use functions that actually ease use; outsourcing without the complete loss of control.
Even in a luxury hotel you have to lock the door
You have to secure things you put in the cloud; you have to maintain software and data you put in the cloud; you have to keep track of data you put in the cloud, what apps can use it, who can access it and what they can do with it.
Three and four years ago I thought all those things were so obvious anyone interested enough to ask about them would probably understand them already.
But people buy into "The Cloud" as a way to make more IT available to their companies without the incremental addition of workload every new IT resource inside the firewall requires – security, maintenance, lifecycle management, data controls.
It's not really fair, but even in the cloud, there's no way to avoid that. Every server you put in the cloud has to be managed and secured and audited and monitored, just like any server you put inside your firewall. The only exception is SaaS, which runs on someone else's server and doesn't give you any control of the app itself.
If it's your server, your app, it's your problem, even in the cloud. Ignore that rule and something terrible will eventually happen and it will be your fault.
So if you're one of the 20 percent of IT managers who don't secure their servers at all or leave all the security to their service providers, do your bit to keep the unemployment rate from increasing: go secure your servers.