In this talk I'll run through the major security requirements expressed by cloud users that OpenStack currently doesn't meet. We'll run through real world examples of how OpenStack can be attacked or subverted due to weaknesses in design and discuss how the OpenStack Security Group is working to improve current security controls and deliver new ones.