Ashley Podhradsky, the Assistant Professor of has studied the security issues with cloud storage, and is also a member of the . She says one recent strategy with cloud storage is for the cloud infrastructure to integrate directly into an on-premise data center.

"This allows the corporations network administrators to control cloud access through services such as Active Directory and LDAP (Lightweight Directory Access Protocol, an Internet protocol for accessing data). The encryption keys are starting to be managed on the corporation side opposed to the cloud provider, which aims to include the corporation into more of the security practices," she says.

Thankfully, most cloud vendors have clear policies about who owns the data. Aaron Messing, a technology and information privacy attorney with *** (), says there is not much debate about the fact that the enterprise owns the data. He says there are vagaries about how quickly data should be destroyed upon request (say, within a specific timeframe), or whether the vendor is blocked from sharing any data publically (such as e-mail addresses or customer lists).

Beyond studying the agreement with the vendor, and negotiating the terms that make sense for the type of data you will be storing, Messing says only certain types of data are appropriate for the cloud.

"We strongly recommend against storing any type of personally identifiable information, such as date of birth or social security numbers in the cloud. Similarly, sensitive information such as financial records, medical records and confidential legal files should not be stored in the cloud where possible," he says.