I disagree with these:
DLP is not going mainstream. The idea that companies can deploy control technology to stop data leaks at the gateway is ridiculously expensive and convoluted. There are more benefits to be gained by education of users than purchasing and deploying expensive gear to try and stop electrons from leaving. Especially when said solutions cost an arm, leg and torso.

Cloud aka Smoke. Growth will track hype. I don't think there are manifold benefits especially if company has properly aligned IT operations with objectives. In such cases, proper policies, controls and management can keep things humming along nicely.

PCI...means complexity. Not that good practices are bad, but the credit card industry has set a very high, expensive bar. If you play in their sandbox they require you to submit to their PCI DSS examination. It's thorough and complex...and you know you've gone thru it. But does it apply to every other non-credit processing entity? Nope. PCI, to me, is just an excuse/justification to try and sell more expensive, complex technology...

I agree on many of Rich Mogull's points but share the opinion of the previous comment related to money being better spent educating users rather than using another security technology (DLP or otherwise).

As to the value of cloud computing, I see many parallels with how the markets embraced outsourcing, over indulged, and eventually found a balance. In the case of cloud computing, one has to balance the loss of control with the gains on flexibility and scalability. Security in the cloud is as of yet uncharted territory.