The most common cloud worry I heard from security professionals, one repeated over and over again, was about API keys. Most organizations use API keys to access their cloud services, and they represent the keys to the kingdom.

"API keys are a huge issue," Sweet said. "If I know where to look on the server for your API keys, and I manage to get them, I own your cloud deployment."

API keys must be protected. It's not uncommon for IT administrators to do such risky things as email them to one another or store them in a configuration file that's not terribly difficult to uncover.

API keys must be protected, kept in a secure, encrypted location, inventoried regularly and must only be given out to those who have a valid reason to access them. Alternatively, Cloud Brokers can handle API keys for you, but just be aware that you are outsourcing a critical piece of your cloud security to a third-party.