A recent Threatpost article http://threatpost.com/en_us/a3t where Greg Hoglund comes pretty close to ranting about the actions of Anon and that they did not “hack” HBGary – they just weaseled their way into the HBGary Google account – does illuminate some of the issues with using Cloud services.
You see, Greg tried to do some damage control upon discovering some level of intrusion was underway, but had to go through a Google call center in India where he got no love. In the article Hoglund has a few pointers of his own, but I would advise doing your research and consider what all the possibilities are.
If this had been a physical server in an accessible location, a sysadmin could isolate the affected system, remove it from the network, image the drive for forensic purposes and start the incident response machine.
I remain ambivalent about the cloud – it’s not all lollypops and candy canes.