What’s one of the biggest hindrances slowing the migration to cloud computing? Concerns over security, that’s what. Companies want to know where their data is, who has access to it and that it’s protected.

These 20 companies target three key areas for cloud security: security in the cloud, security for the cloud and security from the cloud. Whether it’s a managed suite of security services or policy management and Web filtering, these companies guarantee nothing can get in or out unless it’s supposed to. From small startups to security stalwarts, this list highlights innovators and mavericks in the cloud security space.

Also, keep an eye out for the top 20 cloud infrastructure, software and apps, storage and platform vendors.

AppRiver does messaging security in the cloud. It offers SaaS-based e-mail and Web security tools that are subscription-based and include spam and virus protection, e-mail encryption and Web security. It also offers a full managed service for Microsoft Exchange.

Security and DLP in the cloud is no easy feat, but Awareness Technologies has brought its SaaS-based DLP model to the channel and in just a short time has amassed a small army of channel partners ready to do DLP in the cloud.

Barracuda wears many hats, and most recently it’s donned the cloud cap. The Barracuda Web Security Flex is a cloud-based offering that delivers malware protection, URL filtering and application control to networked, remote and mobile users via SaaS, gateways and agents.

CloudPassage came out of the gate with products to manage cloud security and defend cloud servers. The Halo SVM and Halo Firewall perform server exposure assessments, monitor configuration compliance and provide network access control to secure public and hybrid cloud servers.

Duo Security offers Authentication-as-a- Service with its two-factor authentication offering designed to thwart account and data breaches and theft. Using a mobile device for its second factor, Duo leverages the cloud for an extra line of defense and does so seamlessly.

M86 doubles down, offering security tools that are part appliance and part cloud. With its Secure Web Service Hybrid, it takes its on-premise malware prowess and extends it into the cloud to squash malware and other Web-based threats in realtime.

Now owned by Intel, McAfee has been a proponent of the cloud with its suite of security offerings. McAfee’s cloud security approach is to offer security for, in and from the cloud, and the security giant has products and services to hit each one.

Panda Cloud Protection, a cloud-based security play delivered in a SaaS model, provides protection at the three major threat vectors: endpoint, e-mail and Web. The three-pronged approach has earned Panda praise as a cloud security leader and innovator.

In its bid to end the madness created by too many passwords, single sign-on player Ping Identity turns to the cloud to provide federated identity for cloud and SaaS applications without getting in the way.

Qualys arms cloud providers with its next-generation Security-as-a-Service platform that takes the compliance and threat defense built into its QualysGuard portfolio of security solutions and puts a cloud spin on it. And Qualys said more cloud security plays are coming.

SafeNet’s been around for a while, and its Trusted Cloud Fabric is a comprehensive set of security solutions designed to give enterprises secure cloud and virtual environments through a data-centric approach that is breathing new life into the security game.

Database security player Sentrigo turned its attention to the cloud since, well, databases power many Web applications. With its Hedgehog software, Sentrigo can monitor who is accessing the database and what is being done with that data.

SyferLock does identity and access management with patented authentication, security and single sign-on plays to lock down access across cloud, mobile and network apps using single-factor, two-factor and multi-factor authentication without extra hardware, tokens or client software.

Eliminating the need for on-site hardware and software is at the core of Symantec’s Symantec. cloud services, which secure and manage information on endpoints and are delivered via e-mail, Web and instant messaging. Symantec promises high-availability, lower TCO and increased protection in the cloud.

Calling itself “the cloud security company,” Symplified offers a unified access management system built for cloud architectures of SaaS and integrates into existing infrastructure with the cloud to streamline management, reduce costs and boost security.

SecureCloud is Trend Micro’s key management and data encryption offering that protects and controls confidential information deployed into public and private cloud environments. It uses policy-based key management to ensure compliance regulations are met through remote authentication.

Veracode’s cloud-based application risk management leverages its binary code analysis, dynamic Web assessments and developer e-learning for accurate and affordable verification of application security without pricey tools or source code.

With its cloud-based Reputation Enabled Defense suite of security services, WatchGuard vaulted into the cloud to provide Web security. The services, coupled with the XTM and XCS security appliances, provide protection from viruses, malware, spyware and other Web threats.

Webroot pulls out all the stops when it comes to cloud security, wheeling and dealing with a Web Security Service, E-mail Security Service and E-mail Archiving Service, all in the cloud and all with no software or hardware required for protection.

Websense’s ThreatSeeker Cloud gives solution providers the content security technology and Security-as-a-Service infrastructure to deliver protection via the Websense Web, data and e-mail security that powers all Websense products.