Many times when I mention we are a "Cloud first" shop people ask if we are worried about security. The answer is no.
If security is not the first question, than it is about compliance. Actually I'll admit, I was a little nervous about compliance but not anymore.
We had our kick off call with out audit company (one of the big 3, 5, ?) and one of our key financial reporting systems changed from an old in house system to a nice shiny new cloud vendor. During our call we discussed any changes and I was sure that there would be a lot of discussion around this new system.
They asked if the cloud vendor was SAS70 certified (which is actually now superseded by SSAE16). I said yes and they said "Well as long as they have that and it covers the controls we are testing, that's all we need". Well and that they would want to see our project documentation and testing, but that's normal for any new system.
So if you are worried about compliance the best advice is get to the cloud sooner rather than later. Then compliance becomes someone else's concern.