The argument about the security of client confidential data stored in the cloud has resurfaced over on Accountingweb.
What always surprises me, though, is that any talk of hosting data remotely seems to attract inordinately negative commentary about perceived security concerns, compared to "controlled" systems such as a physical server in one's own office.
Professionals have been storing confidential client data on their own servers, PCs, laptops, portable hard drives, USB sticks, DVDs, CDs, floppy disks AND paper files for decades (centuries in the case of the latter). This data is, indeed, capable of being used by the unscrupulous for many nefarious purposes. Yet there is no hand-wringing over the (lack of) security these media provide. This is because we are all familiar with these traditional methods and, by comparison, cloud storage is new.
If you challenged me to get my hands on your confidential data and offered me a substantial cash sum (and immunity from prosecution), I would attempt real-world physical access to your data in preference to the much harder digital attack every time. Unless you have data centre (i.e. almost military) levels of physical security over your office and/or home premises, I would opt to engage the services of common criminals to break in, put your server under their arm and walk right out again. Whilst ransacking your offices, they could also collect assorted portable drives and disks (and paper files) that will likely be pretty easy to find and pick up.
Hell, it might not even be that difficult. If you conscientiously take your DAT tape backup from the server home with you each evening, my newly-hired unsavoury cohorts could simply mug you in the office car park.
The point I am trying to make is that if firms undertook the same kind of audit on their existing security vulnerabilities as they demand in respect of prospective cloud storage solutions, they would quickly realise that data is much safer with professionals: in a secure, purpose-built facility that a) makes physical access impossible and b) is staffed by specialists whose only job is to employ the most robust digital security available and monitor it 24/7, 365 days a year.