Executive Summary (This is a document excerpt)

Architectural planning for an organization's use of cloud computing products and services should focus first on the biggest differences between cloud computing and traditional computing options, and security and risk management (SRM) concerns are among the biggest and most-important differences. With on-premise computing, your organization controls all (or nearly all) the factors that affect security, and with traditional outsourcing, you can demand (and pay for) whatever security measures you need your provider to take. With cloud offerings, customers typically have little control over and little visibility into some of the important aspects that affect SRM. Architects must clearly understand the nature and implications of a cloud offering's effect on SRM to ensure that their organization does not incur undue, or even unknown, risks.