This is a great list of security challenges, however it would be interesting to analyze which ones also exist in a non-cloud environment (and I think it is most of them), and which ones might be *better* addressed by cloud providers, given their size and their business imperatives, than by individual clients with lower limits on their own resources.
The idea that the cloud is less secure is often a myth, and management by paranoia doesn't work well.
This is similar to what happens with availability requirements: people read about a once-in-a-blue-moon outage at a major cloud provider, and say "that's unacceptable to my business, I need 99.99% availability." Then you ask them, "what's your current availability level on premises?" Blank stare... they don't know. Or if they know, it may be 99.5%.