Defining Cloud Security: Six Perspectives
Cloud computing is all the rage these days, but confusion abounds over how best to secure it. Here, six IT security practitioners share their ideas on the key components of a cloud defense (part of an ongoing series).
By Bill Brenner , Senior Editor
September 29, 2009 — CSO —
Given how expensive it is to maintain in-house hardware and software, the idea of putting one's IT infrastructure in the cloud sounds downright heavenly.
Consider the advantages: You needn't have expertise or control over the infrastructure when it's being offered as a service over the Internet. You just put everything in the so-called cloud and forget about it. There's no expense to pay people to sit in a room full of servers or other equipment and play babysitter.
Of course, like any young technology, the rate of implementation is far outpacing most adopters' abilities to secure it. This series is meant to put the security requirements of cloud security into sharper perspective.
CSOonline began the task by reaching out to people via several security forums on LinkedIn. What follows are the views of six IT security practitioners on what they believe cloud computing is truly about, and how best to secure it.
MORE ON CLOUD SECURITY:
Matt Schneider, security consultant and senior Web design architect at Ford Motor Company
I am very interested in security in the cloud as we are developing a Web application that will give the masses a secure alternative to e-mail, chat, message boards and collaboration whereby all content is protected on our Web and database servers using strong encryption and optionally passkeys. I am just now starting to network in the security space in hopes of getting some unbiased opinions on just how secure this solution is perceived by the experts.
As a Web developer, I know how easy it would be to claim you're doing all you can to protect the data users entrust to your care while just storing it as plain text on a shared hosting site. Most people don't even read the fine print, but if they did, they probably err on the side of blind trust. In the majority of instances, your personal information is not of value to anyone else and the sites you visit are not being hacked. I am just as guilty of trusting Web apps with my data. But I am well aware of the risks. I have used my credit card hundreds of times for Internet purchases over the years and have never had it stolen from a website by a hacker (at least that I know of).