Cloud computing as security measure

Usually people equate the terms "open standards" and "cloud computing" with weak security -- whether legitimately or not. But McAfee CEO Dave DeWalt argued the exact opposite during a morning session at the GFirst Conference, hosted by the Homeland Security Department's U.S. Computer Emergency Readiness Team.

Here's how the theory works: Whether from the computer application, the network, or even the silicon chip, DeWalt said, layered computer security solutions "get a piece of intelligence and send it into the cloud for others to access." Furthermore, he suggests, open standards allow different security technologies to participate in that cloud environment, and you have "an open architecture with multiple vendors allowing us to solve problems."

This perspective was first unveiled three days ago at the RSA Conference in San Francisco, where DeWalt described his "vision for the future of digital security," saying it would build upon a "real-time, in-the-cloud foundation."

Sound backwards? Some at the conference thought so, asking how McAfee -- or any other company for that matter -- can ensure technologies contributing data to a cloud environment remain secure.

"As resources move to the cloud, security must be in the cloud as well," said Greg Schaffer, assistant secretary of DHS' Office of Cybersecurity and Communications. "That doesn't mean we won't do defense in depth; but some security will have to migrate as data and services migrate."