Cloud security refers to two things: the security of the cloud and the provision of security services via the cloud, often referred to as security as a service.
In terms of the security of the cloud, considerations include the policies, technologies and controls that organisations must deploy to protect the infrastructure of the cloud and the associated data and applications. Whilst many have seen security to be an inhibitor to cloud adoption, its use can actually provide higher levels of security than in-house implementations. To ensure that this remains so, however, we need to do more to improve the security of the cloud and of the internet as a whole; see here.
To ensure that services based in the cloud are secure, there are a number of things that organisations need to consider; see Best Practice here.
In terms of security as a service, many organisations are finding many advantages in subscribing to security services based in the cloud (see here). Examples of services that can be provided include authentication, anti-malware, application security, and web and messaging security services.
Cloud-based services can provide advantages for a wide variety of organisations, from small organisations that lack the resources to manage security or applications themselves to large, distributed multinational and public sector organisations; see "Considerations when choosing a SaaS or cloud provider" here.
Many of the largest security vendors have developed capabilities in cloud security, many through acquisition, including McAfee, Symantec, Cisco and IBM. There are also a number of vendors from the network management space that have entered the market for boosting the security of cloud-based services, such as Barracuda Networks and F5 Networks. However, there are also a wide range of innovative, specialised cloud security services vendors, some of which have achieved significant funding recently. Some of these remain attractive acquisition targets; see here.