Defining Cloud Security: Six Perspectives

CSO - Given how expensive it is to maintain in-house hardware and software, the idea of putting one's IT infrastructure in the cloud sounds downright heavenly.

Consider the advantages: You needn't have expertise or control over the infrastructure when it's being offered as a service over the Internet. You just put everything in the so-called cloud and forget about it. There's no expense to pay people to sit in a room full of servers or other equipment and play babysitter.

Of course, like any young technology, the rate of implementation is far outpacing most adopters' abilities to secure it. This series is meant to put the security requirements of cloud security into sharper perspective.

CSOonline began the task by reaching out to people via several security forums on LinkedIn. What follows are the views of six IT security practitioners on what they believe cloud computing is truly about, and how best to secure it.

MORE ON CLOUD SECURITY: Also see Cloud Security: Danger (and Opportunity) Ahead Also see Cloud Security: Time to Smoke Another One? Also hear: Why Security Pros Have Their Heads in the Cloud (podcast)

Matt Schneider, security consultant and senior Web design architect at Ford Motor CompanyI am very interested in security in the cloud as we are developing a Web application that will give the masses a secure alternative to e-mail, chat, message boards and collaboration whereby all content is protected on our Web and database servers using strong encryption and optionally passkeys. I am just now starting to network in the security space in hopes of getting some unbiased opinions on just how secure this solution is perceived by the experts.

As a Web developer, I know how easy it would be to claim you're doing all you can to protect the data users entrust to your care while just storing it as plain text on a shared hosting site. Most people don't even read the fine print, but if they did, they probably err on the side of blind trust. In the majority of instances, your personal information is not of value to anyone else and the sites you visit are not being hacked. I am just as guilty of trusting Web apps with my data. But I am well aware of the risks. I have used my credit card hundreds of times for Internet purchases over the years and have never had it stolen from a website by a hacker (at least that I know of).

Most of the data we deal with on the Internet is not sensitive and doesn't warrant being protected from theft or destruction. Take this conversation for example. I highly doubt this data is encrypted while at rest on LinkedIn's servers. If we were discussing something top secret, this would not be the safest way to do it, although we would probably "get lucky" and no one would ever see our conversation.