In Cloud computing, various IT resources are hosted remotely (or in a "cloud") and users simply access these resources on a relatively cheap "pay per use" basis. A third party can host a software in the "cloud" and users can access and use this software; this is called "Software as a service".
Cloud computing is the next evolution of information technology, that allows companies to reduce capital costs, divest themselves of infrastructure management and allows them to focus on their core competencies.
As expected there is a developing new security area to protect cloud computing and it is none other than cloud security. Cloud security covers policies, technologies, and controls to protect cloud computing. Cloud computing has created security issues for both the Cloud provider and their customers.
The customer must conduct risk assessments to determine which services are to be transferred into the cloud. They should understand their organization’s value of the system(s) that they are considering moving into the cloud. Is the information of low sensitivity or is it mission-critical?
They should ensure that their cloud services are not concentrated at any one cloud provider. There is the risk of putting all of your eggs in one basket. The customer needs to conduct due diligence to ensure amongst other things, the financial stability of its cloud providers.
The customer must ensure that the cloud provider has taken the proper security measures to protect its cloud customers’ information. Customers need to include in their agreements/contracts with cloud providers the provision that cloud providers undergo annual independent IT and financial audits. Customer should also request monthly or quarterly reports on performance, capacity and any breaches of security.
The customer must develop their Identity Management system (IDM) to control access to their information and computing resources in the cloud. Cloud Providers should either implement the customers IDM or deployed a sufficiently robust IMD.
And if all this is too complicated for you, then there are security software offerings that are "cloud-based" (a.k.a. security-as-a-service) which will provide you with the security expertise that you will need to protect your cloud system(s).