Google wants us to think it is, but chooses a slightly unfortunate metaphor:
Cloud computing, when IT software and services are delivered over the web and through a browser, is a paradigm shift, similar to taking your jewellery out of your sock drawer and placing it in the bank. The bank has the economies of scale. It has guards, robust safes, video surveillance — much more than any security investment you can deploy yourself. The same is true with data. Cloud providers such as Google are equipped to protect millions of users' data every day. As a customer you get to enjoy these economies of scale at minimal expense. We have over 1000 people dedicated to Google Enterprise, including some of the world's best security experts who are helping to make sure that your data stays safe.
Safe as banks? - I don't think so. Rather more compelling is the following argument:
Most organizations take 30-60 days to install security patches on their systems which is a major concern in its own right. In fact, many companies I talk to admit it's closer to 3-6 months to install a security patch. This means that traditional IT systems and applications are open to known security vulnerabilities for a very long time. By contrast, we run a very homogeneous computing environment, so when it is time to patch we can do it in a rapid and uniform manner to all of our systems.
It's not only “homogeneous”, it's based almost entirely on open source software (as far as we can tell), with all that this implies for robustness. So, to that extent, it's probably true that for many companies, the server side of cloud computing is indeed relatively safe. But if they're still using Windows with all its vulnerabilities to access those servers, much of that security is squandered. Perhaps that's why Google is coming out with its Linux-based Chrome operating system...