Article

Cryptographers say cloud computing can be secured

Robert Westervelt, News Editor
SAN FRANCISCO -- The move toward cloud computing may be inevitable, but that doesn't mean the related security challenges aren't avoidable.

According to a panel of cryptographers at the 2009 RSA Conference, cloud computing security issues are similar to those that come with any new technology, and in time security researchers will discover ways to better protect sensitive data in the cloud.

    Requires Free Membership to View

    Login

Don't miss need-to-know info!

Security pros can't afford to be the last to know. Sign up for email updates from SearchSecurity.com and you'll never be behind the curve!
"I believe cloud computing will get to that status where no program or major industrial design will ever be done anymore on the computers of the company that's doing it," said Whitfield Diffie, vice president, fellow and chief security officer at Sun Microsystems Inc. "This time I think it will take somebody younger than I am to find a solution if there is one that clear."

Whitfield is one of five notable cryptographers who took part in the RSA Conference's annual cryptographer's panel discussion Tuesday.

Ronald Rivest, an electrical engineering and computer science professor at the Massachusetts Institute of Technology, said he was optimistic that researchers would come together to address the security concerns in cloud computing.

In recent months, several organizations have formed to produce research around securing data in the cloud. One such organization, the Cloud Security Alliance, is launching this week at RSA. It will also release a research paper that outlines more than a dozen cloud computing security issues that need to be addressed.

"It's going to take hard work to make sure all the security objectives are met," Rivest said.

Security issues aside, industry observers note that companies are turning to cloud computing in growing numbers as they look for new ways to cut costs. Research firm Gartner Inc. estimates that by 2011, early technology adopters will purchase 40% of their IT infrastructure as a service, "untying applications from specific infrastructure."

RSA Conference 2009

For all the latest news, podcasts and more direct from the show floor in San Francisco, visit our RSA Conference 2009 special news coverage page.
Security vendors are already responding to the trend. On Monday, VMware Inc. released APIs to security vendors under its VMsafe program. The company also released the next version of its OS for cloud computing. Symantec Corp., McAfee Inc., Trend Micro Inc. and others are integrating security tools to address virtualization.

At least one cryptographer warned that cloud computing could result in increased dangers. Adi Shamir, a professor in the computer science department at the Weizmann Institute of Science, said security has been about fending off many small disasters without a big catastrophe. He said cloud computing introduces a world in which large computations are conducted by a small number of huge data centers hosted by Microsoft, Amazon, Google Inc. and others.

"I think we are facing real danger that hackers will be able to take one of those data centers out of commission," Shamir said, "and then we would have a catastrophic effect.".

Still, Bruce Schneier, chief security technology officer of BT Counterpane, said he doesn't see many fundamental differences with cloud computing and the current risks inherent in software.

"We still have to trust our vendors," Schneier said.


Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top