One of the beautiful things that follows from the IT Cloud being an extended use case of the Web, is that all the work done on Web security-related standards over the last 10+ years applies directly to the IT Cloud.  It is almost like these standards - SAML, SPML, XACML, WS-Security, WS-Trust - were designed with the Cloud connected IT world in mind; which in fact they were.  These standards are directly related to the enforcement and management of security across various security domains.  They help ensure that my security system will talk to your (customer, partner, or cloud service provider) security system when we split-up and integrate our applications and data across the Internet using Clouds.

So what is the problem here?  Aren't the security problems solved then?  No, they are not.  What the Cloud industry lacks is standards adoption.  The security software vendors have done a good job enabling these security standards in our products (apologies for the indulgent self-congratulations), in part because we see demand for them in more traditional enterprise Web security applications. The new Cloud industry overall is behind in adoption, but I still have hope.  I suppose I must be patient as the Cloud industry is still relatively immature.  One promising exception has been the adoption of SAML for federated SSO by many of the big Cloud names.  This was highlighted at last summer's Burton Catalyst conference via an interoperability event. 

The problem is if we as an industry don't aggressively push on the use of security standards for the Cloud, then we are destined to be wallowing in proprietary Cloud security implementations and the insecure and expensive application security silos that come with them for the rest of our careers.