Cryptographers say cloud computing can be secured

By Robert Westervelt, News Editor 21 Apr 2009 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

According to a panel of cryptographers at the 2009 RSA Conference, cloud computing security issues are similar to those that come with any new technology, and in time security researchers will discover ways to better protect sensitive data in the cloud.

Don't miss need-to-know info! Security pros can't afford to be the last to know. Sign up for email updates from SearchSecurity.com and you'll never be behind the curve!

"I believe cloud computing will get to that status where no program or major industrial design will ever be done anymore on the computers of the company that's doing it," said Whitfield Diffie, vice president, fellow and chief security officer at Sun Microsystems Inc. "This time I think it will take somebody younger than I am to find a solution if there is one that clear."

Whitfield is one of five notable cryptographers who took part in the RSA Conference's annual cryptographer's panel discussion Tuesday.

Ronald Rivest, an electrical engineering and computer science professor at the Massachusetts Institute of Technology, said he was optimistic that researchers would come together to address the security concerns in cloud computing.

In recent months, several organizations have formed to produce research around securing data in the cloud. One such organization, the Cloud Security Alliance, is launching this week at RSA. It will also release a research paper that outlines more than a dozen cloud computing security issues that need to be addressed.

"It's going to take hard work to make sure all the security objectives are met," Rivest said.

Security issues aside, industry observers note that companies are turning to cloud computing in growing numbers as they look for new ways to cut costs. Research firm Gartner Inc. estimates that by 2011, early technology adopters will purchase 40% of their IT infrastructure as a service, "untying applications from specific infrastructure."

RSA Conference 2009 For all the latest news, podcasts and more direct from the show floor in San Francisco, visit our RSA Conference 2009 special news coverage page.

Security vendors are already responding to the trend. On Monday, VMware Inc. released APIs to security vendors under its VMsafe program. The company also released the next version of its OS for cloud computing. Symantec Corp., McAfee Inc., Trend Micro Inc. and others are integrating security tools to address virtualization.

At least one cryptographer warned that cloud computing could result in increased dangers. Adi Shamir, a professor in the computer science department at the Weizmann Institute of Science, said security has been about fending off many small disasters without a big catastrophe. He said cloud computing introduces a world in which large computations are conducted by a small number of huge data centers hosted by Microsoft, Amazon, Google Inc. and others.

"I think we are facing real danger that hackers will be able to take one of those data centers out of commission," Shamir said, "and then we would have a catastrophic effect.".

Still, Bruce Schneier, chief security technology officer of BT Counterpane, said he doesn't see many fundamental differences with cloud computing and the current risks inherent in software.

"We still have to trust our vendors," Schneier said.

Tags: Web Services Security and SOA Security,  Virtualization Security Issues and Threats,  Secure SaaS: Cloud services and systems,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Web Services Security and SOA Security Information security book excerpts and reviews Security testing firm uncovers XML vulnerabilities Will cloud computing and virtualization save the day? MySpace, Facebook ignoring basic principles of security Kaminsky: DNS flaw capable of attacks on many fronts Kaminsky on DNS rebinding attacks, hacking techniques Which operating system can best secure an FTP site? IBM's Watchfire halts network research, focuses on Web apps How does identity propagation work? Citrix adds Web security with acquisition Virtualization Security Issues and Threats Web security strategy: Use cloud security services Cloud computing data security starts with internal strategy, experts say PCI virtualization SIG closer to proposing changes to standard Security challenges with cloud computing services Secure virtual desktop software enables remote client security Security threats to virtual environments less theoretical, more practical At VMworld 2009, companies focus on virtual desktops for security Security fundamentals remain focus of virtualization deployments How to implement virtual firewalls in a complex network infrastructure How to find virtual machines for greater virtualization compliance Secure SaaS: Cloud services and systems Cloud computing in 2010: Be ready for risk management challenges Maintaining security after a cloud computing implementation Preparing the network for a cloud computing implementation Web security strategy: Use cloud security services Cloud Security Alliance releases updated guidance Carefully evaluate providers' SaaS security model Should cities demand data breach penalties? How to justify information security spending on cloud computing Cloud computing data security starts with internal strategy, experts say Network security expert urges hardening of cloud protocols

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary