Information security is, at its core, defined by three main concepts: confidentiality, integrity, and availability. Organizations often think about “security” primarily in terms of confidentiality, but omitting the other concepts leaves out many essential design ideas that help supply resilience to systems, during incidents ranging from a security breach to a natural disaster. The concepts also interrelate. For example, designing for availability often means that resolving vulnerabilities is easier, helping to restore confidentiality and integrity to systems. Thinking about security in the cloud means thinking about, and designing for, all three data security concepts.