Comment Re:I'm on the fence (Score 1) 407
There is always potential for abuse, regardless of where your data is hosted. Wikileaks gets their thousands of documents from persons that supposedly are authorized to be effective stewards of critical information.
For FISMA and the more stringent DIACAP, no one just takes your word for it that it's secured. You demonstrate that security, and the auditors tear you apart. Now, it could well be that it's not 100% secure - it depends if you actually believe in 100% security (I don't). You make risk assessments pertaining to the value of the data you are protecting, and put up controls that reasonably protect those assets.
I've built both FISMA (NIST 800) and DIACAP hosting environments.
It is neither fun nor easy, but for many use cases, it makes as much sense as any other cloud solution.