Consumers have no control over security once data is inside the public cloud. Completely reliant on provider for application and storage security. A private cloud gives a single Cloud Consumers organization the exclusive access to and usage of the infrastructure and computational resources. But Consumer has limited capability to manage security within outsourced IaaS private cloud. a cloud service mapping can be compared against a catalogue of security controls to determine which controls exist and which do not — as provided by the consumer, the cloud service provider, or a third party. This can in turn be compared to a compliance framework or set of requirements such as PCI DSS. The PCI guidance is defining how Cloud security is a shared responsibility between the cloud service provider (CSP) and its clients. If payment card data is stored, processed or transmitted in a cloud environment, PCI DSS will apply to that environment, and will typically involve validation of both the CSP’s infrastructure and the client’s usage of that environment. Gartner studied Cloud Gateways and came up with the definition of six different types. A Public Cloud Gateways. Provides isolation for the sensitive data from the Public Cloud and the security control stays within your organization. A Cloud Gateway can Protect any data sent or received via HTTP or FTP through enterprise, remote, or mobile channels and Securely integrate enterprise data into cloud applications, emailed reports, and process analytics on protected data from remote requests. You control all security functions from inside your enterprise – vital for compliance with many regulations and laws. You can Protect Data with Tokenization or Encryption. This solution enforces fine grained, field-level data protection with Vaultless Tokenization or encryption, and comprehensive activity monitoring. It should support Multiple Deployment Options with a flexible gateway architecture that allows you to easily deploy the Cloud Gateway on physical or virtual servers, to protect data in public, private, or hybrid cloud environments. It should offer protection by column, field, or even by character without any back-end system modifications or loss in functionality. Files should also be fully encrypted or tokenized.