According to a recent survey by Thales and analyst firm 451 Research, nearly half of federal agencies used more than five infrastructure-as-a-service (IaaS) vendors and more than 100 software-as-aservice (SaaS) applications. But with this transition several concerns have also been raised, including the increased number of vulnerabilities stemming from shared infrastructures; security breaches in the cloud; and the complexities surrounding custodianship of encryption keys.