The Bureau of Engraving and Printing web site is back up. I am not sure when it came up but I thought I would conduct my own uninformed lessons learned.
My initial impressions: The cloud has the same problems that other platforms do.
I am not a cloud apologist, but I think that we can all agree that application security sucks as a general rule and not enough people are listening to OWASP.
So while I would love to throw "cloud" or outsourced services under the bus, this is an application vulnerability that could happen to any site. It is a "failure to assess" as opposed to a "failure to communicate".
There is a decent wrap-up of the whole thing here: http://www.federalnewsradio.com/index.php?nid=19&sid=1951253 My problem with that story is the last paragraphs that talk about staying patched and using anti-malware software. But at least he agrees that it isn't necessarily cloud related.
The bottom line for me is that "it's the basics, stupid". Cloud, not cloud, embedded, virtualized, whatever. It all comes back to the same types of problems and there is no easy fix.