Why is cloud computing hard? Top tech execs speak their minds

Execs at Microsoft, Trend Micro, EMC's RSA division, McAfee and Symantec tackle the question of cloud security

Everyone's talking about cloud computing and security. But what makes it so hard?

A new take on cloud security ... from Hitler

Top execs at Microsoft, Trend Micro, EMC's RSA division, McAfee and Symantec weighed in on the security challenges  related to cloud computing.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Everyone's talking about cloud computing and security. But what makes it so hard?

A new take on cloud security ... from Hitler

Top execs at Microsoft, Trend Micro, EMC's RSA division, McAfee and Symantec weighed in on the security challenges  related to cloud computing.

The cloud security survival guide

"It's going to be an ongoing challenge and ongoing area of not only technical innovation but also of communications innovations," said Microsoft CEO Steve Ballmer during an appearance at the University of Washington earlier this month. "Some people think the cloud is pretty darn safe, some people know that it is not safe and secure, and some other people don't think much about it at all. Can we give people the tools that let them feel in control, let them feel responsible? I think [users] will know [cloud security] when they see it. The problem right now is that users don't really know what's going on…and really making the tools and technologies that make it easy to manage the interaction is important."

Sharing makes cloud security a challenge, said Eva Chen, CEO at Trend Micro, in a conversation with Network World at   RSA: "Traditionally, the IT infrastructure you owned. With cloud computing, you share the computing power, you share the storage. You want to know who you're sharing with. For security, are you going to live in a hotel with your door unlocked? Like a hotel, you may be temporarily renting in cloud computing. You need to know there are locks."

Network World also caught up with Art Coviello, president of EMC's RSA division and executive vice president at EMC, at RSA. "The hardest thing about cloud security? I honestly feel it's at the chip level because having that hardware root of trust is critical. It's the sine qua non of the process," Coviello said. "Another thing that's a big challenge in this is manageability. To manage all the controls, [you have to] merge security policy with your overall business policy and get those coordinated and leveraged. The organization subscribing to the cloud service has to be able to dictate federation or policy to the cloud provider. Only they can they decide."

Dave DeWalt, president and CEO at McAfee, told Network World that education is the biggest challenge: "Many companies are nervous now because for 20 to 30 years they've controlled their destiny, but in the cloud approach, applications are managed sometimes by several vendors to control their data. They're uneasy about losing control over critical assets. That's the first thing. And you don't have any standards for cloud-based computing today. The maturation of cloud-based computing is in its infancy, so it needs to evolve. Vulnerabilities exist and mistakes are made."

Enrique Salem, president and CEO at Symantec, said cloud computing puts some new requirements on security. "To begin with, from an infrastructure perspective, security will need to move closer to the applications and data. In a shared services architecture, it isn't sufficient for security to simply protect the cloud perimeter, the data center or even the individual servers and storage arrays," Salem said in an e-mail interview.