IDG Answers is a community of experts who are passionate about technology. Ask a question or answer one below.
One shouldn't just assume that everything is handled by the provider, even if their sales representatives try to make it sound as such. That adage "trust by verify" is pretty accurate - first you'd make a baseline assessment of what the cloud provider says, and run some tests where possible. But it's also a good idea to try to come up with your own policies or procedures that won't place private data at risk on the server. For instance, I'm often asked for my social security number by folks who have no business capturing that kind of data. You might want to look at the data your company is storing on the cloud, and make a determination that some data needs to be hashed and salted, then encrypted in such a manner so that when it's on the cloud, it doesn't pose a risk.