In discussions around cloud computing, security is often highest on the list of concerns. There is an inherent perception that once data is outside of an organisation's direct control, it has lower overall security.
Let's flip the coin and look at this from a cloud provider's point of view. The provider knows that if it has a major data leak, there's no way to cover up the story. It knows that it has multiple customers, and that this makes the provider a tasty target for malicious parties that may want to steal data in general or target one cloud subscriber in particular.
The provider also knows that any data loss will need to be disclosed to its customers. It understands that such news will leak out to the press, and it will get (often more than) the coverage it deserves.
The cloud provider knows that data security is a necessity to maintain the very life of its business.
This requires distinct domain expertise. Your average commercial organisation will struggle to acquire and maintain such skills, whereas a large public cloud provider is sharing the skills costs amongst its customer base. The provider can afford to get the best people; it can afford to keep their skills current. It can work with specialist vendors in the security field to ensure that it has the tools and capabilities in place to provide effective data protection.
It can also focus fully on such security; as a cloud provider, data is its business. For your organisation, your business may well be retail, banking, pharmaceuticals, or whatever - that is where you need to focus.
The provider can focus on its data processes, as well. Providers such as Microsoft put in place highly specialised teams that are tasked with focusing on different areas of security. For example, a mind-set of 'assumed breach' rather than 'assumed secure' means that potential problems can be identified at a very early stage and dealt with before they become issues to users. You may also note whether a provider is independently certified to host highly regulated data, such as military or healthcare information.
Overall, for the majority of companies, it is safe to say that the security of data in the cloud is likely to be equal to or better than the security of data hosted on their internal systems.