SAN FRANCISCO -- The move toward cloud computing may be inevitable, but that doesn't mean the related security...
challenges aren't avoidable.
According to a panel of cryptographers at the 2009 RSA Conference, cloud computing security issues are similar to those that come with any new technology, and in time security researchers will discover ways to better protect sensitive data in the cloud.
Whitfield is one of five notable cryptographers who took part in the RSA Conference's annual cryptographer's panel discussion Tuesday.
Ronald Rivest, an electrical engineering and computer science professor at the Massachusetts Institute of Technology, said he was optimistic that researchers would come together to address the security concerns in cloud computing.
In recent months, several organizations have formed to produce research around securing data in the cloud. One such organization, the Cloud Security Alliance, is launching this week at RSA. It will also release a research paper that outlines more than a dozen cloud computing security issues that need to be addressed.
"It's going to take hard work to make sure all the security objectives are met," Rivest said.
Security issues aside, industry observers note that companies are turning to cloud computing in growing numbers as they look for new ways to cut costs. Research firm Gartner Inc. estimates that by 2011, early technology adopters will purchase 40% of their IT infrastructure as a service, "untying applications from specific infrastructure."
At least one cryptographer warned that cloud computing could result in increased dangers. Adi Shamir, a professor in the computer science department at the Weizmann Institute of Science, said security has been about fending off many small disasters without a big catastrophe. He said cloud computing introduces a world in which large computations are conducted by a small number of huge data centers hosted by Microsoft, Amazon, Google Inc. and others.
"I think we are facing real danger that hackers will be able to take one of those data centers out of commission," Shamir said, "and then we would have a catastrophic effect.".
Still, Bruce Schneier, chief security technology officer of BT Counterpane, said he doesn't see many fundamental differences with cloud computing and the current risks inherent in software.
"We still have to trust our vendors," Schneier said.