Phil Windley has this interesting post on Cloud Security. There are a lot of good thoughts here, but this one stood out:
Host intrusion detection systems (HIDS) work fine on cloud infrastructure, but are hard to do at higher levels of the stack. Network intrusion detection systems (NIDS) are impossible to do at most providers. The traditional notion of “perimeter” is not necessarily available in the cloud.
Nor anywhere else for that matter, I would add. No notion is more irrelevant today than perimeter security, yet it continues to be the cornerstone of many organizations' strategies. I always suggest keeping the perimeter in place but securing everything behind it as if it doesn't exist.