Cloud computing does not guarantee information security in the short term, according to participants in a panel debate at (ISC)²'s SecureLondon conference.
Protecting data is one of the biggest challenges because of all the unknowns, said Mark Logsdon, deputy head of information risk management at Barclays.
Data vulnerabilities will be great in the next two years, said Jason Creasey, head of research at the Information Security Forum.
Privacy concerns will limit what organisations and individuals are willing to put in the cloud, said James Rendell, UK technical manager, IBM Internet Security Systems.
"Recovery from identity theft is painful," he said.
According to Rendell, major improvements to the cloud computing model will have to take place before there is a significant shift in attitude.
Creasey said it was probable that cloud computing will become the norm for business organisations, but it will take 10 years for the model to mature to that level.
He said securing personal data in the cloud may lead to universally tighter controls on they way data is handled. "It could mean a step closer to a Big Brother scenario."
The panellists agreed that most enterprises were not yet putting mission-critical applications or data in the cloud and will adopt it in phases as the model matures.
Cloud computing service provider Google insists that the model can already provide higher levels of security than most in-house IT.
Most businesses do not have the security intelligence gathering capabilities and resources to match Google's, said the firm's enterprise security director Eran Feigenbaum.