The answer to this question can be found in the old Russian maxim, which was often quoted by President Ronald Regan: trust but verify.
Cloud services are outside the direct control of the customer organization; this means that a governance based approach is needed. This approach allows trust in the CSP to be assured through a combination of internal processes, standards and independent assessments.
In this podcast recorded at RSA Conference Europe 2012, Mike Small, an analyst at Kuppinger Cole and member of ISACA, offers his top ten tips for assuring cloud services.
Press the play button below to listen to the podcast: