Security architecture and cloud computing are not mutually exclusive according to Vladimir Jirasek, Director of Research at CSA UK. There is a direct map between cloud models (IaaS, PaaS, SaaS) and areas of security models (identity and access management, encryption, firewalls etc.). Responsibilities for security areas depend on the cloud model, with providers taking more responsibility in IaaS and customers taking more in SaaS. The document provides guidance on developing cloud security standards and managing security risks when using cloud computing.