Cloud computing may be more beneficial to security than many believe. I think it is fair to say that for most people risk would increase with a move to the cloud, so the real question ends up being whether the level of security will offset that risk so the net effect is positive (i.e. net risk ends up lower).

The useful thing about the cloud is that there is no hiding the increased risk – the typical enterprise is commingling information assets with other organizations, minimizing network security capabilities, and  providing more access opportunities to others. (Please let me know if you disagree with these assertions and why. And just to reiterate, that doesn't mean that the end result need be less secure.)

The good news is that organizations appear to understand this increased level of risk. In the same way nobody questioned the need for encrypted communications with Internet-based VPNs, it appears that there is a similar level of understanding that better security models are necessary.

Accordingly, we could be looking at a situation with much more "positive" or trust-oriented security – stronger authentication all around, more hardening of hosts, and encryption capabilities are much more likely than the facade of thinking about "insiders vs. outsiders" and that internal networks don't need extra security measures.

While I am still looking for examples of large organizations that are moving to the cloud (I think the interest level is appropriate for small and midsize businesses and potentially branch office activities, but that is about it at this stage), as long as security is factored in like this, it may be a net win for all of us concerned about information security.