I see two major issues with the Cloud.

First, no matter what the provider says, they cannot guarantee access times because their domain of control ends with the Internet provider, and they can (and do) blame slow access times on network delays. That makes enforcement of any SLAs difficult and Cloud risky to use on online systems with their own SLAs tight.

Second, there are legal issues, aside from the HIPAA mentioned by cfradenburg. To give an example, most American states and all Canadian provinces require that pharmacy data is stored on the premises, so any audit can come, lock the door, unplug the computers and do all audit offline. Similar rules apply to other verticals. Cloud providers, or at least their marketers, seem oblivious to this fact.