With companies now putting their most sensitive data and applications into the cloud, they're starting to worry a lot more about the security of such services. While they can transfer the data or applications to the cloud, they can't transfer risk and liability, even if they can't really tell what's going on inside a cloud service.

If your company uses cloud services, ultimately, your company is responsible and liable from a legal perspective for protecting your customers' data -- it's not the cloud provider's liability. Privacy and compliance can be more of a headache in the cloud as cloud providers store data across the globe in a variety of datacentres, whereas legislation such as the EU Data Protection Directive lay out strict rules for how organizations must process and store personally identifiable information, and how it can be transferred across international borders.


A wave of startups are developing products which aim to make up for the weaknesses of classical perimeter-based security systems by being able to find, analyze, and control corporate data across bare metal, virtual machines, IaaS, PaaS, and SaaS.