While 82 percent of companies surveyed by CompTIA believe in cloud providers' capability to deliver a secure environment, in the cloud. 56 percent keep credit card data out of the cloud, and nearly half refuse to put sensitive intellectual property, trade secrets or HR records in the cloud.

The logic is clear: keep sensitive data behind the corporate firewall where it is more secure.

Unfortunately, that logic has a fatal flaw.

Sweet discussed a client CloudPassage worked with (who prefers to remain anonymous) who had development servers in the cloud. A hacker placed a rootkit onto one of the virtual servers. When the developers noticed something was off with their servers, they brought them back behind the corporate firewall to re-image them. Unfortunately, they brought the rootkit in with them, infecting their entire network.

"Virtual machines can server as Trojan horses if you're not careful," Sweet said.