The (CSA) and the released their agendas of threats to cloud services that need to be addressed, with CSA's detailed filling up 83 pages that detail 15 areas of security concern.

At the same time, the Europe-based group served up an outline of threats it perceives. A much smaller group, Jericho Forum acknowledged that CSA had thrown more people at the problem and come up with a more complete document.

But the groups are in agreement on what needs to be done. , a security consultant who wrote the architecture section of the CSA paper, shuttled from his group's launch over to the Jericho Forum event, listened and supported it. "Your concepts make sense," he said.

The groups, which tout members that include large corporations such as DuPont, Eli Lily, eBay and ING, need to use their influence as major customers to demand products that address cloud threats, Hoff said. "It's the large end-user organizations that will drive it," he said of the cloud-security best-practices push.

Issues addressed by both groups are wide ranging and include recommendations that planning what to do if the contract with the provider is terminated and understanding where data is located and how they are controlled.