So what does the Wikileaks saga have to teach us about Cloud, if anything? Actually I think that there are a number of lessons to be learnt.
1) The first lesson actually has nothing to do with the Cloud and certainly nothing to do with the debate about private versus public Cloud. Without people leaking data to Wikileaks, there would be no Wikileaks; Wikileaks is not about hacking really, it's more often about people already having access to the data taking it away with them and leaking it.
Make sure that only the people who need access to the data have access to the data and make sure the distribution of such data is controlled. Flashdrives etc are very convenient but they also make it relatively easy for someone walk away with large quantities of data. The move to towards 'Bring Your Own Device' type Corporate IT could open new conduits for 'data theft'. Be aware, you may be allowing people to bypass your perimeter security and that brings risks.
2) The actions of your Cloud provider may put your own environment at risk. If you decide to run your systems in the Public Cloud, if your Cloud provider does something which leads it vulnerable to attack etc; your services might be impacted. Obviously, this is true of not just Cloud but any hosted environment or even arguably any service provider. For example, your network provider may manage to piss off a number of people and find itself under a DDOS and this might impact your operations.
However, most sensible organisations ensure that they have their network services provisioned from multiple network providers. You should apply the same principle to your Cloud environments; running in the Cloud does not abrogate the requirement for proper DR and BC planning. If the EC2 Cloud goes down and you have no way of carrying out your Business; you are pretty much guilty of negligence.
3) Amazon's Cloud is remarkably robust and it has certainly survived a number of DDOS attacks over the past few days; whether the outage last night in Europe was due to a hardware failure or a DDOS has yet to be fully revealed. If I was an AWS customer, I would be more concerned about a hardware failure/issue having such wide ranging implications; if it was a concerted attack against Amazon, well the fact that they managed to get themselves up and working again so quickly, that's pretty impressive. If your organisation underwent a concerted attack, would you recover as quickly?
Hopefully Amazon will disclose everything that went on and allow us all to learn from the events.
4) Understand the 'Terms of Service' of your providers; if your actions endanger service to all, you might find that your service is withdrawn as a precautionary measure. You may feel that this is censorship but at the end of the day, if your service provider takes a business decision to sacrifice your service to protect the rest of their customers and their business; that is something that you are probably going to have to live with.
5) The Internet still often operates like a wild frontier…beware of signs saying 'Here Be Dragons', they may be telling the truth.