Part of this, of course, could be a simple matter of semantics. Some have emphasized Epsilon's role as a provider of email marketing services -- in other words, it's a SaaS company -- but the breach was a traditional spear-phishing attack used to gain access to email servers, not, say, an assault on hypervisor vulnerabilities.

Cloud providers, such as Dropbox and Google, have had their issues, but the major cloud-related problems have involved outages, not data being breached.

[]

As more enterprise resources move to the cloud, it's inevitable that we will start hearing more about cloud incidents. Minor breaches have already hit GoGrid and the Microsoft Business Productivity Online Suite, but we've yet to see anything on the scale of TJX, the VA, RSA or any number of other on-premise breaches.

That doesn't mean that cloud-invested businesses can breathe easily. "Attacks that work now work so well that you don't have to come up with a new, complex attack methodology," says Chris Eng, vice president of research for , a provider of cloud-based application security testing services. "Cyber-criminals aren't going to spend a lot of time to come up with a new zero-day attack if they can just use the same old SQL injection attacks that have worked for years."