All this stuff you're saying is possible and may very well be true eventually, but not in today's Enterprise-world.
On Enterprise-planet, all this "Cloud" talk is scary and you can't quickly conceptualize PCI compliance with some computer in the sky somewhere; nor can you conceptualize who/where a consultant will be to fix your problem immediately if a problem arises. Your IT department are a bunch of inflexible people who refused to learn anything beyond what they were using 20 years ago and will tell you "Cloud isn't safe! Didn't you hear on the news how such-n-such got hacked?" I have no problem accepting that you're right; I'm just telling you that Enterprise-world doesn't care how right you are. Nobody ever got fired for choosing IBM, Oracle or Microsoft. There's no thought-process beyond that point. You join the company, learn how they do things and do your best not to rock the boat or suggest any new fancy things that might make your coworkers antiquated skillset obsolete... or you will be back-stabbed.
I work for a semi large Network and Hosting provider in Europe that is trying to provide Cloud for our Enterprise customers. We have banks and large financial firms that are "very excited" about the project, which basically means that they understood the buzzwords.
Cloud in the Corp. world normally means VMWare vCloud (which we are now offering) or just VMWare ESX hosted in a remote datacenter.
So "the cloud" does exist in the Corp. world, its just that they are on average 5 years behind the rest of the tech world. I also think that a lot of these companies need to be 5 years behind, as their decision process on anything except cost savings normally takes months to complete with feature creep etc.
I have worked in enough enterprises that the above is both true and false. True in the pathological cases, false among some surprising leaders. I have seen people get fired for choosing Oracle and IBM, massive investments by enterprises into Amazon cloud (they're $6b and rising), adoption of (actual) agile processes and cloud platforms.
PCI compliance is a solved problem, whether it can be used as a cloud cudgel says more about the state of knowledge and power at a place than reality.
The future is already here, it's just not evenly distributed.
On Enterprise-planet, all this "Cloud" talk is scary and you can't quickly conceptualize PCI compliance with some computer in the sky somewhere; nor can you conceptualize who/where a consultant will be to fix your problem immediately if a problem arises. Your IT department are a bunch of inflexible people who refused to learn anything beyond what they were using 20 years ago and will tell you "Cloud isn't safe! Didn't you hear on the news how such-n-such got hacked?" I have no problem accepting that you're right; I'm just telling you that Enterprise-world doesn't care how right you are. Nobody ever got fired for choosing IBM, Oracle or Microsoft. There's no thought-process beyond that point. You join the company, learn how they do things and do your best not to rock the boat or suggest any new fancy things that might make your coworkers antiquated skillset obsolete... or you will be back-stabbed.