How is data encrypted, both in use and at rest, when stored in the cloud infrastructure?
Most cloud providers automatically encrypt data in transit by requiring SSL connections on any Web browser, but whether this data is stored in encrypted containers is another matter. The best way to do things is to create a hybrid public/private cloud so that any cloud-based resources can sit behind the corporate firewall and be protected just as if they were inside your own data center. See Public And Private Hybrid Clouds: The Pros And Cons for more on this.
Most cloud vendors offer some kind of Virtual Private Network (VPN) protection of their environments, so that information is encrypted in transit and easily accessible via ordinary network shares. As an example, Verizon's Computing as a Service offers Cisco's AnyConnect VPN client that is launched from Internet Explorer.
Verizon's CaaS uses the Cisco AnyConnect VPN that works inside Internet Explorer to secure remote access to virtual resources.
Other cloud providers offer virtual firewalls from vendors, such as Vyatta, that connect to their twins inside a corporate data center, or work with traditional Cisco VPN gateways.
One of the numerous Amazon Web Services is its Virtual Private Cloud, which allows you to connect any of your Amazon-based cloud-based resources to your own premises. You can bridge your Amazon and on-premises networks, assign private IP address ranges, and route traffic from your applications running in the cloud to your internal security devices before reaching the Internet.