Firstly, I wanted to give everyone a heads up that Zendesk got hacked recently, so it may be worth looking into if you use them: http://www.zendesk.com/blog/weve-been-hacked
In general, what are your thoughts on how cloud services (like Zendesk) should be handling their security? When should you hire a security engineer? What tools should you invest in: web security, network security, data tagging/exfiltration, etc?