Security concerns regarding the cloud services offered by service providers have become counterproductive. They also divert the attention of information service and cloud security directors from their tasks, which consist in putting organizational, security and policy processes in place to prevent errors in cloud security and compliance. Gartner predicts that, by 2020, 95 percent of cloud security failures will be the customer's fault.

Naively believing that the service provider is entirely responsible for the client's security points out the fact that many companies neglect to manage their employees' use of external applications. In this way, employees can freely transmit massive amounts of data, often inappropriate, to other employees, to third parties or even to the whole wide web.

Practically all public cloud computing platforms are offered by services highly resistant to attacks and, in most instances, they represent a more secure starting point than most traditional internal systems. An insignificant number of security incidents affecting companies using these platforms can be blamed on vulnerabilities on the service provider's end.

The cloud computing business model offers service providers enormous incentives to focus on security, who generally make it more so a priority than the organizations that use their services. These providers have the means to hire highly-qualified system and vulnerability administrators and the economies of scale they create enables them to ensure 24/7 security surveillance and intervention.

Nonetheless, organizations shouldn't assume that, because they use cloud computing services, all related operations are secure. The features of certain areas of the cloud computing stack that the client controls can easily lead unexperienced users to adopt bad habits, which can in turn result in widespread security and compliance faults.

In the end, it is the organization's responsibility to have control over the cloud. To ensure the safe an compliant use of public cloud computing platforms, companies must put in place and apply clear policies concerning the cloud's use, as well as risk acceptance processes.

By failing to adopt a strategic approach regarding the use of cloud computing, companies could find themselves in a situation in which they are unprotected, inflexible or uncompetitive.