Cloud computing holds great promise to streamline IT functions, but it could also be a security disaster waiting to happen, according to some security experts.
In a Tuesday session at the RSA 2009 conference in San Francisco, Ari Juels, chief scientist and director of RSA Laboratories, asked a panel of some of the industry's foremost cryptographic experts to identify key challenges the industry faces today, and cloud computing emerged as a recurring theme.
Whitfield Diffie, vice president and fellow and chief security officer at Sun Microsystems, said cloud computing represents a type of challenge for security that has only been seen twice before, most recently in radio.
"You have to put your best information out there where everyone can get it, and if you don't, you're going to go out of business. Cloud computing will get to that status," Diffie said. "In radio, cryptography took eight years to rescue us from that problem."
Adi Shamir, a computer science professor at Israel's Weizmann Institute of Science, believes the massive-scale data centers being built by the likes of Microsoft and Google represent giant targets for hackers, and said the implications of attacks on these facilities shouldn't be underestimated.
In the past, individual software bugs have been fairly easy to find and patch, but addressing vulnerabilities on a data center scale represents a far greater security challenge, Shamir said.
"When a large fraction of computing is handled by a small number of data centers, I think we're facing a real danger that hackers will be able to take one of those data centers out of commission, which would have catastrophic effects," Shamir said.
But Bruce Schneier, chief security technology officer at BT Counterpane, argues that the security challenges in the cloud aren't different from those with which the security industry has grown accustomed.
"I'm kind of bored with cloud computing. It's presented as a new paradigm, but fundamentally, I don't see a lot of differences. Computing is all about trust, and we still have to trust our vendors," Schneier said.
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
