Schumacher Group takes security seriously, Menefee said, but as a mid-sized company with only three IT staff working full time on security, he trusts large cloud providers to do it better. "We get the same level of security with Salesforce.com as any large company using that service," he said. "I'm using the economies of scale."

Schumacher Group stores sensitive data only with providers that comply with the U.S. Health Insurance Portability and Accountability Act (HIPPA), Menefee said. He recently started a project to deploy Google's online productivity tools, but Google is not HIPPA-certified, "so no patient data gets stored there," he said.

Schumacher Group is not a publicly traded company, he noted, and its legal requirements for security are less complex than for public entities. Some large enterprises, especially in areas like finance, will have greater concerns about security, noted Jean Bozman, an IDC research vice president.

Still, one audience member here, admitting that the idea was "counterintuititive," said security concerns may actually drive companies into the cloud.

"It is becoming almost impossible today to secure the enterprise, the cost and complexity are moving so fast," he said. "If you go to the RSA [security] conference, the major vendors will tell you every year that their next release will solve all these security problems that you have today. But they never do."