Statistics from a small start-up firm stated that "... only one in ten cloud apps are secure enough for enterprise use..." from a cloud. That should be viewed with skeptical caution.
1. >100 small outsourcing firms are putting a label "cloud" on their conventional services without sufficient elaborate and costly tools that is needed to increase the quality of their software from 99% to 99.9%. Small outsourcing firms have not been able to demonstrated that the reliability of their security countermeasures is meeting the high standards that are now necessary to counter increasingly capable attack scenarios/
2. Only a few major cloud firms (such as AWS, Google, IBM, VMare and Red Hat) have so fare made the necessary investments in increasing their platform reliability. Even then their services cloud services reman buggy and require additional safeguards to bring them up to higher standards.
I favor cloud offerings that offer primarily hybrid PaaS platforms that are based on recent innovations, such as sand-box virtualization and open source interoperability.
Experts should provide guidance to clients on how to qualify a cloud vendor with assistance from an experienced consultant that is unrelated to the cloud firm. Shifting to cloud operations is perilous. Usage statistics are meager and do not as yet justify the prevailing hype that appears to assign high levels of quality to cloud providers.
When selecting cloud services the vendors should be able to demonstrate that software quality metrics are far superior.