The cloud is cheap and versatile and 'doesn't need to be run past IT'. This is a strategy we see in a lot of organisations. However, 'the cloud' is no single entity. There are many different clouds and suppliers of SaaS services. Some do a better job of IT security than the client organisation could. Others focus exclusively on the functionality they want to offer their clients and do not pay as much attention to IT security as is needed.
How do you know whether your cloud or SaaS supplier is secure? The answer is simple: an IT security test. SaaS and cloud suppliers should not consider IT security an afterthought, but a critical factor for success.