To reduce data breaches from cloud services, seek out providers who ensure functionality is ‘secure by default’