This White Paper presents a set of Security Principles for Cloud and SOA environments. Many of these security principles are widely applicable as guidance to architecting secure systems in all environments. Some do have specific relevance to securing Cloud and SOA environments, so we show these in their own section. We use 'principles' to guide us in making decisions that are sound. Principles are a valuable validation tool – enabling us to check that we are making sound decisions and have not forgotten anything that is material to achieving our design goals. They are especially valuable when there are many aspects/views to a complex design, because they remind us of issues which we find hard to bring to mind when we're deeply involved in such design complexity. Principles are for guidance, not mandatory. If we find special reasons why we should compromise or even ignore a principle, then we may feel confident that we took that principle into account and made a reasoned decision why not to apply it in any given case.