1) Performance. The recent problems with Twitter ("Fail Whale") and Steve Jobs' embarrassment at the network outage at the introduction of the new iPhone don't exactly impart warm fuzzy feelings about the Internet and network performance in general. An SLA can't guarantee performance; it can only punish bad performance. And a critical application is just that, critical.
2) ROI: What has driven the initial stages of cloud computing (that is, software-as-a-service and, to a lesser degree, infrastructure-as-a-service) makes sense mostly as a function of short-term return-on-investment. What about the long term? Does operational expense always trump capital expense, at least in technology investment? And isn't it funny how initial cost savings always seem to dry up over time?
3) Market churn. Remember the dot-com boom? Something like that is taking shape in the cloud market, and will be followed by the inevitable slump (bust, crash, etc.). The cloud vendor you were counting on suddenly packed his tent and slipped quietly into the night? Now what? And who has your data? (This argues for engaging with major players rather than startups.)
4) Privacy. It usually gets packed along as a second cousin to security, but they are really two separate issues. The lawyers have only now woken up to the business implications of cloud computing, and responsibility for data is a major one. Don't be lulled into thinking the cloud vendor assumes all liability for privacy problems.
5) Security. Of course this is still a problem. Signing a cloud contract without knowing your vendor's security architecture isn't smart. It comes down to an awareness of vulnerabilities, both yours and your vendor's. Think of it as a security partnership.
These are my top five. Am I off? Where do you see cloud computing at its most vulnerable, in terms of technology or business model?And security isn't at the top of list. In what areas is cloud computing still vulnerable? Hint: They aren't all technology related.