One of the common misconceptions is that security is the responsibility of the cloud provider. Where as it is is true that the cloud provider needs to secure the infrastructure, what actually happens inside the application and how it has been coded is your responsibility. Applications must undergo penetration testing and security code review to ensure that they are secure.
Cloud services promise to provide flexibility, scalability, measured service and certain cost efficiencies, but also present additional security risks associated with authentication, access and storage of government data. The total economic cost and different security elements of cloud services must be fully understood when evaluating cloud computing in general and the various deployment models (public, private, hybrid, community).