When it comes to cloud applications the responsibility of the security lays on the shoulders of application developers and cloud platform providers. Microsoft handles its role by providing Windows Azure which runs in geographically dispersed datacenters that comply with key industry standards, such as ISO/IEC 27001:2005, for security and reliability.

Although Windows Azure itself is definitely secure, the cloud exposes more surface area for your application that can potentially be exploited by attackers. This occurs because some of the technologies and services in the cloud are exposed as end points vs. in-memory components.

This leads to a fact that developers who design, develop and maintain cloud applications have a big responsibility to handle their role to high security standards. At the end of the day an insecure application in the cloud is not secure.

There’s a good overview of Azure security on the Azure site at Technical Overview of the Security Features in the Windows Azure Platform. And even more information at Windows Azure Trust Center, including specifics on standads compliance and certifications.