Cryptography Experts Warn Of Cloud Security Risks

In a Tuesday session at the RSA 2009 conference in San Francisco, Ari Juels, chief scientist and director of RSA Laboratories, asked a panel of some of the industry's foremost cryptographic experts to identify key challenges the industry faces today, and cloud computing emerged as a recurring theme.

Whitfield Diffie, vice president and fellow and chief security officer at Sun Microsystems, said cloud computing represents a type of challenge for security that has only been seen twice before, most recently in radio.

"You have to put your best information out there where everyone can get it, and if you don't, you're going to go out of business. Cloud computing will get to that status," Diffie said. "In radio, cryptography took eight years to rescue us from that problem."

Adi Shamir, a computer science professor at Israel's Weizmann Institute of Science, believes the massive-scale data centers being built by the likes of Microsoft and Google represent giant targets for hackers, and said the implications of attacks on these facilities shouldn't be underestimated.

In the past, individual software bugs have been fairly easy to find and patch, but addressing vulnerabilities on a data center scale represents a far greater security challenge, Shamir said.

"When a large fraction of computing is handled by a small number of data centers, I think we're facing a real danger that hackers will be able to take one of those data centers out of commission, which would have catastrophic effects," Shamir said.

But Bruce Schneier, chief security technology officer at BT Counterpane, argues that the security challenges in the cloud aren't different from those with which the security industry has grown accustomed.

"I'm kind of bored with cloud computing. It's presented as a new paradigm, but fundamentally, I don't see a lot of differences. Computing is all about trust, and we still have to trust our vendors," Schneier said.