I think cryptographic methods provide more security for cloud data.

Different types of Cloud Computing services commonly referred 3 part (Saas,Paas,Iaas) and each level has different modes for Authentication, Authorization, and Accounting,for example in software as services when you want to use Mail Server 2 level of security are enough (SSH for Certificate to access user login) and HASH Algorithm for each account in asynchronous communication .Also Security in Cloud Computing include which Architecture you design for example Web Server ,Storage ,Database .

If you ask for security of "data at rest"  i.e. security of storage clouds: the solution is easy: encrypt your data before sending it to cloud storage. For the strength of crypto algorithms see these links:  http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report or http://csrc.nist.gov/groups/ST/toolkit/key_management.html

--  A very up-to-date (26th may 2014) summary on key lengths of the different algos- which I like because of its simplicity: http://www.internet-sicherheit.de/fileadmin/images/infografik/Cryptographic_Algorithms_A4_20140526.pdf

--  Back to your question: The "big" (i.e. hard to solve) problem of cloud security is not the storage cloud but IaaS cloud: if the cloud customer wants to send a virtual machine/ virtual image to the cloud provider which should be executed at the provider's side ( this is the basis of IaaS cloud) the customer can not encrypt the virtual image because the provider needs the image in plain text to execute it.

A solution for this would be homomorphic encryption but this solution is not ready yet for practical application.

Another solution - which is quite complex, because it is based on several technologies , is based on Trusted Computing technology, Mandatory Access Control. This solution gives the customer assurance (security) that the provider can not access the virtual image easily.

We have build a system (including a running prototype) that allows the cloud customer to get a proof that a reference platform is running on the providers site. This proof is called "attestation". We used Trusted Computing technology for this "proof". Additionally we used trusted boot (also a TCG technology) which allows to measure all executed HW and SW components during startup of the provider's system. The measurement (=integrity) values can be sent in a secure way to the customer. We also implemented Mandatory access control to prevent the cloud providers administrator to change/manipulate the log files.

If you are interested in this, see my paper: "Retaining Control Over Private Virtual Machines Hosted by a Cloud Provider". you get the full text via research gate: https://www.researchgate.net/publication/264037748_Retaining_Control_Over_Private_Virtual_Machines_Hosted_by_a_Cloud_Provider

Conference Paper Retaining Control Over Private Virtual Machines Hosted by a ...

Yes,It is possible to follow advance encryption standard but neet to be consider about SLA and architecture of Cloud as private , Community , Public Cloud or Hybrid Cloud are used also dimensions of the Cloud is important beacuse IAAS infrastructure Security could be combination of private data encryption with public encryption.