In the Cloud Computing world today, Security is a major issue. We all know, Data in Internet /Cloud should be stored in encrypted form. Encryption helps to protect data from being compromised. It protects data that is being transferred as well as data stored in the cloud. Although encryption helps to protect data from any unauthorized access, it does not prevent from data loss. There are series of security planning Enterprise should do before deploying a particular resource to Cloud. •Select which resources enterprise is going to move to cloud and analyze its sensitivity to risk. •Consider cloud service models such as IaaS, PaaS, and SaaS. These models require consumer to be responsible for security at different levels of service. •Consider which cloud type such as public, private, community or hybrid. •Understand the cloud service provider’s system that how data is transferred, where it is stored and how to move data into and out of cloud. Mainly the risk in cloud deployment depends upon the service models and cloud types. Second critical steps is understanding of Cloud security boundaries. A particular service model defines the boundary between the responsibilities of service provider and consumer. Cloud Security Alliance (CSA) stack model defines the boundaries between each service model and shows how different functional units relate to each other. There are list of Key points to CSA Model •IaaS is the most basic level of service with PaaS and SaaS next two above levels of service. •Moving upwards each of the service inherits capabilities and security concerns of the model beneath. •IaaS provides the infrastructure, PaaS provides platform development environment and SaaS provides operating environment. •IaaS has the least level of integrated functionalities and integrated security while SaaS has the most. •CSA model describes the security boundaries at which cloud service provider’s responsibility ends and the consumer’s responsibilities begin. •Any security mechanism below the security boundary must be built into the system and above should me maintained by the consumer. Although each service model has security mechanism but security needs also depends upon where these services are located, in private, public, hybrid or community cloud. There is another protocol to understand is Data security. Since all the data is transferred using Internet, data security is of major concern in cloud. Here are 4 key mechanisms for protecting data mechanisms listed below: 1.Access Control 2.Auditing 3.Authentication 4.Authorization All of the service models should incorporate security mechanism operating in all above-mentioned areas. Last but not the least factor is Isolated access to Data. Since data stored in cloud can be accessed from anywhere, therefore to protect the data, Enterprise must have a mechanism to isolate data from direct client access. Brokered Cloud Storage Access is one of the approaches for isolating storage in cloud. In this approach, two services are created: •A broker with full access to storage but no access to client. •A proxy with no access to storage but access to both client and broker.