Whether a company is deploying a private or hybrid cloud, security remains a major concern. Cloud security often refers to user authentication and data protection, typically through encryption.

Among the many issues is the ability to authenticate employees to control the cloud services and data they have access to. In addition, managing cloud security so that policies and compliance standards enforced within an internal network are extended to the cloud remains a challenge for many organizations. Adding to the complexity is the virtualization layer that sits between the operating system and hardware in the infrastructure of cloud service providers. That layer also must be configured, managed and secured.

Here we look at the major players keeping the cloud secure. Be sure to sure to check out the rest of CRN's 100 Coolest Cloud Computing Vendors as well as the last year's top cloud computing vendors.

Acronis’ data protection and disaster recovery plays have branched beyond physical and virtual worlds and into the cloud. Acronis’ cloud mission is to help customers maintain business continuity, reduce downtime, recover data and protect information for companies of all sizes.

Akamai has its hands in a lot of cloud cookie jars, lately, but it’s its cloud-based security capabilities that put it at the top of the heap. Delivering protection “from top to bottom, edge to origin and everywhere in between” Akamai’s EdgePlatform aims at boosting cloud defense without sacrificing performance.

BMC is best known for its IT and lifecycle management plays, but the recent acquisition of Numara Software adds a new security flavor to the mix. With Namura, BMC gets SaaS software to deepen its security and compliance capabilities along with more management features.

A major piece of CA’s cloud computing momentum is building out security for the cloud. And CA’s CloudMinder set of cloud security solutions offers identity and access management, authentication, single sign-on and other security features for cloud apps and information in the cloud.

Check Point closed out 2011 with one mission: Make cloud a priority. Its Check Point SMB Cloud-Managed Security Service gives SMBs an all-in-one cloud-based security solution and its inking of a new deal with Amazon extends its on-premise software and appliances to Amazon’s cloud platform.

CloudPassage looks at cloud security from a different angle; securing cloud servers across public, private and hybrid clouds with its SaaS-based Halo platform, which offers visibility into cloud server security in real-time to detect a broad range of security events and system states.

Dome9 bills itself as an automated cloud security firewall management service to centrally manage cloud security across all servers and clouds in both public and private environments. And its recent paring with Rackspace puts Dome9 into Rackspace’s Cloud tools Program of third-party applications.

Data recovery isn’t just a nice-to-have, it’s a necessity, and EVault fortifies its platform and secure cloud infrastructure with access to data recovery experts—actual people— whose mission is to make sure that users get their data back as quickly as possible.

Breaking out of its hardware legacy, network security and unified threat management mainstay Fortinet has taken to the cloud. The recent launch of four virtual appliances lock down virtualized and cloud environments to let companies protect their data within their private and hybrid clouds.

IBM wants to make the cloud smarter with its suite of SmartCloud offerings, and Big Blue is also taking steps to secure the cloud with IBM Cloud Security Infrastructure and Services through which IBM delivers managed security services and other offerings to protect the cloud.

The Intel-owned security company has been preaching cloud security measures since before the cloud truly formed. McAfee’s central cloud piece is the Cloud Security Platform, which secures content and data—e-mail, Web and identity—as it moves to and from the cloud.

Founded by Amazon EC2 veterans, Nimbula may be an infrastructure player, but it puts security and control front and center with its enterprise- and government-focused cloud operating system. Its cloud infrastructure and services marry on-premise data center security with public cloud flexibility and scalability.

NTT’s cloud services usually take the spotlight, but under the hood NTT is offering a suite of managed security services that ensure cloud environments are impenetrable. NTT adds customizable firewalls, dedicated firewalls, dedicated VLANs, two-form authentication, VPN administration and other access controls.

Okta does identity and access management. And it does it in the cloud. Its turnkey service lets enterprises speed secure adoption of Web applications in the cloud and behind the firewall, and it does so whether a company uses one or dozens of cloud apps.

While storage may be core to Oxygen Cloud’s story, its data security and control are the cornerstones. Offering mobile access to storage and enabling users to access files through any app or device, Oxygen offers secure, unfettered access to data without sacrificing control.

A big piece of RightScale’s cloud management is managing access and usage of cloud resources through its set of governance controls. RightScale lets users control authentication, permissions and credentials with its Access and Security Manager and resolve issues and events with Auditing and Logging.

For the cloud and from the cloud; that’s how Symantec protects. Symantec promises to offer protection of the cloud with platform-independent policy groupings; reduce security workloads across virtual and physical deployments; and identify, monitor and manage rogue, vulnerability or noncomplaint systems.

SecureCloud, Trend Micro’s data protection public and private clouds, gives users the ability to protect data with an encryption service that keeps data private and ensures it meets compliance requirements. The key management offering can be a hosted service or on-premise software app.

Cloud security start-up Veracode offers a cloud-based application security testing platform, and offers automated static and dynamic application security testing software and remediation service. Veracode can scan binary code to find and fix flaws based on corporate risk management policies.

Want more visibility and control in the cloud? IT-as-a-Service company Zenoss delivers that in spades with its Zenoss Service Dynamics, an operations management tool to support cloud environments that unlocks complete control and visibility into infrastructure, whether physical, virtual or cloud-based in realtime.

Cloud 100:
The 20 Coolest Cloud Storage & Data Center Vendors
The 20 Coolest Cloud Infrastructure Vendors
The 20 Coolest Cloud Software Vendors
The 100 Coolest Cloud Computing Vendors Of 2011