Is this really a big change?
My gut feeling is that the kind of organisations that share sensitive information with dodgy and/or inexperienced cloud players who are likely to have these sorts of hiccups would be about as likely to have inadequate internal safeguards of their own if they stored the data you shared with them onsite.
I suspect, therefore, that Cloud has added an extra layer of complexity to an existing corporate security question rather than creating a completely new question.
With that in mind I suspect that whatever corporate controls are in place to deal with data sharing and risk need only a small tweak to deal with the new technology.