Recent research has shown that co-resident attacks can lead to cross-tenant information leakage in cloud. Existing solutions for mitigating co-resident attacks generally require significant changes to hypervisors, guest OSes or hardwares, even periodic VM migration, which might not be immediately applied to cloud datacenters. In this paper, we propose the security-aware VM placement approach (SecVMP) to minimize co-residency and mediate conflicts between tenants for proactively mitigating co- resident attacks in cloud. The proposed approach also takes load balancing and power consumption into consideration to make itself more practical. It consists of three main parts: the security-aware co-resident rules (SecCRRs), the security-aware VM allocation algorithm (SecVMA) and the security-aware VM migration algorithm (SecVMM). The SecCRRs are based on characteristics of known co-resident attacks and stipulate which pairs of VMs are conflicting so that they shouldn't be co-resident on the same physical server. The SecVMA proactively avoids being co-resident with conflicting tenants and minimizes co-residency as much as possible when launches VMs. And the SecVMM migrates conflicting VMs and separates conflicting tenants in time. Experimental results in CloudSim show that the SecVMA can greatly reduce the co-residency of cloud with little impact on load balancing and power consumption. In addition, triggered by the SecCRRs, the SecVMM can separate conflicting tenants with fewer migrations to reduce co-resident risk.