I have a new paper in the current IEEE Security & Privacy Journal, called "Don't Trust. And Verify." It describes a Security Architecture Stack for the Cloud. It covers some of the ground that I discussed in my keynote at Cloud Identity Summit.
There are four patterns that I see as key for Cloud Security: Gateways, Monitoring Services, Security Token Services and PEP/PDP.
I think that using patterns is a different way to approach security architecture from how it's normally done. There are certainly other technologies, patterns and processes that are vital to Cloud Security, but I see these four as essential - not because they give us a magic way to trust the cloud, but rather because they give us a way to verify.
Oh, and one more thing: in the recent multibillion-dollar spate of security company acquisitions, one of the reasons inevitably given by the acquiring company was more focus on Cloud and mobile security. But most of those acquisitions do not address the aforementioned patterns in any great detail, so there is a lot of opportunity for the security industry to improve going forward.