This paper develops a categorization of cloud security risks, elaborates how they impact information security, and discusses potential security benefits from cloud sourcing. This review integrates the literature on information systems and computer science to summarize managerial and technological mitigation measures that enhance cloud security. The analysis uncovers gaps regarding the empirical investigation of security considerations in the corporate decision-making process. Specifically, the micro level of how security comes into play in the decision-making process and whether mitigation measures proposed by scholars are practically feasible requires further investigation. Furthermore, the macro level, how stakeholders perceive cloud sourcing, is not yet well understood.