Many organizations today are either implementing cloud-based solutions, or evaluating which cloud-based solutions they will be implementing in the future. According to Gartner Inc. cloud computing is "no less influential than e-business".
This shift in architecture from an enterprise-based traditional server-based system to a cloud-based system will have associated costs of entry and risks, but it can result in enormous benefits in savings and in information technology, business agility and flexibility.
While there is considerable pressure on organizations to consider moving to the cloud-based services, security issues continue to be one of the largest concerns that organizations have about this move. The different cloud-based deployment models, including private, public or hybrid cloud, bring with them a range of challenges, and security concerns cut across them all. Many organizations will need to apply best practice security standards that are far in excess of those that they currently implement with their on-premise systems. The migration or adoption of cloud services then can provide an advantage in that firms can design, from the ground up, their new cloud-based infrastructures with security "baked-in"; this is in contrast to the piecemeal and "after the fact" or "bolted-on" nature of security seen in most data centers today.
The cloud service model that an organization wants to implement influences security design and implementation. We will cover the three cloud computing service models: Infrastructure as a Service (IaaS) , Platform as a Service (PaaS) and Software as a Service (SaaS) . These models all have different security issues that need to be considered and more importantly, a determination of the balance of responsibilities between the customer and the cloud provider for each of the service models also needs to be made.
Data storage in the cloud also requires particular consideration. The regulatory environment within which many industries operate may generate particular issues with cloud-based data storage, such as legislation on data access, issues with where the data is stored and used, as well as the important issues around the management of cryptographic keys . Strong cryptographic protection and encryption of any stored data is essential, whether that information is at rest or in transit. This becomes even more important when considering the issue of data storage in jurisdictions where data privacy laws differ from that of the firm's host country.
Source: Microsoft TechNet wiki