One of the boasts made by software companies pushing cloud-based storage and computing is that the security around their servers is stronger than that of your office -- a claim I do not believe, because it cannot be proven.
And now The Register this morning reports that hackers have found a trivial way to compromise cloud security w-a-y over there at the client end, outside the thick-walled, spotlight- and machinegun-infested, barbwire-topped, moated bunkers housing the servers:
"The ZeuS-based Trojan works by capturing a screenshot of the payroll services web page when a malware-infected PC is used to visit the site.
This information is uploaded, allowing crooks to obtain the user ID, password, company number and the icon selected by the user for the image-based authentication system..."
This Trojan horse is specific to financial services, because of the money that can be syphoned out. It is easy to imagine programmers authorized by certain countries using the same technique to access CAD and other data files containing intellectual property from which to produce knock-off products.
When small offices are broken into, the losses are small; when cloud services are broken into, the losses are huge. Eggs in a distributed egg hunt are more secure than the centralized basket of eggs.