Service level agreements that provide guarantees about data access and transparency of data handling processes are still a big hole, said Bill Mann, senior vice president of strategy in CA's Security Management business unit.
Few service providers are able to answer enterprise questions about who is able to access the data, he told delegates at the Gartner Information Security Summit 2009 in London.
Enterprises also need assurances on what technologies providers are using, how they are ensuring security and privacy, and how they are keeping applications separated, he said.
Policies around data retention after the service has been terminated, is another area that providers need to be clear about, said John Turner, vice-president EMEA technical sales at Symantec.
Businesses cannot assume that service providers will have the same level of protection around data that they use in-house, he said.
The degree to which enterprises are able to hold service providers to account will determine the extent to which cloud computing is a panacea or a Pandora's box, said Turner.
This article was first published by Computer Weekly