The Insecurity of Secure Clouds

In light of the recent Google hacking, businesses might reconsider their cloud-based strategies. Ostensibly cloud-based services can offer business a better security profile at a lower price point than would be possible if companies built the services themselves. Take data centers, for example. Building a modern data center can cost hundreds of thousands of dollars with security measures constituting a hefty price tag encompassing, but not limited to, security cards, biometrics, dry contact sensors, IP-based camera surveillance, security guards, fire suppression systems, and power generators.

Joining a large group let's you distribute those costs, but it also has an adverse effect of clustering  those accounts under one big- usually very well known- name.  When it comes to safety, there has always been an unwritten rule that says anonymity presents fewer dangers.  When one runs his own data center, then typically, far fewer people are going to be aware of its existence than would be aware of Google (App Engine) or Amazon (EC2)- to mention a couple or for that matter the names of the other clients sharing that datacenter.

The better known name coupled with the far greater resources makes them much bigger targets for hackers and thieves looking to steal information and capital.  You can be sure, there is going to be no consideration spared when the big target it hit, either.  There, it seems that investing ones resources on a cloud-based app only serves to increase risk, in contrary to popular belief.

So is it safer to maintain the low profile that comes with a self-run center or is the hype true?  Are clouds the safer way to build your company's IT strategy? I'd be interested to hear what you think.