It\u2019s highly likely that cloud security will be one of the hot topics at this year\u2019s RSA Security Conference coming up in February. Yes, there will surely be a lot of rhetoric and hype, but this is a very important topic for our industry to discuss as cloud computing continues to gain momentum with enterprise organizations. While information security is still the primary concern around cloud computing, enterprise organizations aren\u2019t holding back on deployment, albeit with non-sensitive workloads for the most part. So what are the IT risks associated with using cloud-based infrastructure? ESG recently surveyed 211 security professionals working at enterprise organizations (i.e. more than 1,000 employees) and asked them to identify the biggest risks associated with cloud infrastructure services. Here\u2019s what they said:\u2022\t33% of security professionals say that the biggest risk associated with cloud infrastructure services is a, \u201clack of control with security operations directly related to cloud-based IT resources used for internal purposes.\u201d In other words, there is still an IT operations gap between cloud-based infrastructure and internal activities. \u2022\t31% of security professionals say that the biggest risk associated with cloud infrastructure services is, \u201cprivacy concerns associated with sensitive and\/or regulated data stored and\/or processed by a cloud infrastructure provider.\u201d The name Edward Snowden comes to mind \u2013 no surprise here. \u2022\t29% of security professionals say that the biggest risk associated with cloud infrastructure services is a, \u201clack of security visibility into cloud services infrastructure.\u201d As the old saying goes, \u201cyou can\u2019t manage (or in this case secure) what you can\u2019t measure.\u201d \u2022\t28% of security professionals say that the biggest risk associated with cloud infrastructure services is a, \u201csecurity breach that compromises the cloud infrastructure service provider\u2019s infrastructure.\u201d If Coca-Cola, the New York Times, and Target can be breached, why not Amazon?\u2022\t27% of security professionals say that the biggest risk associated with cloud infrastructure services is, \u201cpoor security practices by a cloud service provider.\u201d Cloud providers are not immune to the global security skills shortage. \u2022\t26% of security professionals say that the biggest risk associated with cloud infrastructure services is the, \u201crisk of a network breach between internal networks and cloud service providers.\u201d Network security risks are always top of mind with enterprise security folks. Here are my take-aways from this list:1.\tSecurity professionals see risks in all areas: people, processes, and technologies. This means that cloud infrastructure providers have some work ahead to educate the market as to how they plan to mitigate these risks.2.\tVisibility and control are critical. This means that internal security tools must be extensible to the cloud and some vendors like McAfee and Trend Micro are providing this bridge. Alternatively, new vendors like CloudPassage, HyTrust, Okta, and Ping Identity have an opportunity to link the internal and cloud worlds.3.\tSecurity professionals remain suspicious about cloud provider skills. Enterprises are having difficulty recruiting security professionals and the most security organizations in the world are experiencing embarrassing security breaches. Consequently, security professionals believe that cloud providers must be experiencing the same problems. Since this is a fair conclusion, cloud providers need to fess up to these issues and tell users how they plan to address them. The Cloud Security Alliance (CSA) understands these risks and is working with the industry to acknowledge and address them. Good thing as the cloud train isn\u2019t slowing down. Stay tuned to my blog, ESG cloud computing guru Wayne Pauley and I will monitor and report on cloud security developments as things progress.