Too many decision-makers still cling to the outdated notion that in order to have a secure system, you need to have physical access to your servers.
They want to be able to have someone look at the servers at all times. It's kind of cute, actually. It's like a little kid who wants to check under the bed for monsters before they go to sleep every night.
But moving to a cloud-based solution doesn't mean that a company's systems are any more or less secure. All it means is that they need to change the way they think about security.
The on-premise approach was to dedicate the entire security budget toward protecting the perimeter of the system and controlling access. With a cloud approach, IT management must look to incorporate security into each layer and application delivered through public cloud systems. With a private cloud, you can look to extend the security protocols already in place. That can be a particularly nice perk if you're dealing with tight regulations or budgets.
If you're dealing with a hybrid cloud, there are a number of methods to secure your deployment. First, start with secure file sharing tools to ensure compliance.
Next, incorporate controls to manage access to various data, databases and applications, and use identity management tools to dynamically adjust user access levels.
And as access control becomes more and more ingrained, roll out single sign-on procedures. You can send out emails about password security all you want. But if employees have too many passwords for too many systems, you know they're going to start writing them all down, and no one wants that.
But once you've incorporated security throughout your cloud systems, you're no less secure than you were with an on-premise system. It just takes a different way of thinking to see things that way.