Subscribe

Curb your cloud enthusiasm

Kirsten Doyle
By Kirsten Doyle, ITWeb contributor.
Cyprus, 07 Jun 2010

While cloud computing is in its infancy, some businesses are taking it too far, too quickly. This will ultimately result in a security 'wake-up call', and a steep learning curve.

So says Magnus Kalkuhl, senior virus analyst at Kaspersky Lab, who cited the LoveLetter worm, which caused enormous problems for businesses in 2000, as an example. “Until then, no one had really thought about e-mail security. A big lesson was learned from the incident.”

Kalkuhl says cloud computing could benefit from a similar wake-up call, and he believes one will eventually occur.

According to Kalkuhl, at the moment, there are no standards or best practices in place, as each cloud vendor has its own. “At the same time, there are definite risks attached to cloud computing, such as data leakage, which, when considering the range and variety of data stored by cloud providers, could have a significant impact.”

Additionally, malware writers and hackers will inevitably target cloud computing services in search of data to steal, sell or manipulate. As cloud computing evolves to become a critical business tool, standards and legislation will need to be introduced to regulate the providers and mitigate risk.

This is also necessary, he says, because cloud computing is an attractive target for cyber criminals. “All a cyber criminal needs to do is gain access to the physical server. Through this machine, they would have access to and control of the various virtual machines connected to it.”

He says reports of data being leaked or lost are practically a daily event. In addition, using cloud services means placing unprecedented trust in the provider. However, he doesn't think the risks will drive cloud computing out of business, as it is both convenient and saves money.

“Rapidly evolving technology is making it possible for home users and smaller businesses, without significant financial resources, to take advantage of the benefits offered by cloud computing,” says Kalkuhl. This includes access to high-performance resources, which would otherwise be out of their reach in terms of costs. “The content industry will also benefit from cloud computing, by making it far more difficult to illegally copy music, movies and suchlike.”

Companies opting not to use cloud services will quickly become isolated, he says, and adds that rather than boycotting this technology, a better approach would be to create standards and guidelines for providers, to improve the security of cloud services.

At present, he says, any organisation wishing to provide cloud services is able to do so. “The picture will be very different in 10 years' time. Providers will have to abide by standards if they want to offer such services.”

However, he notes, the introduction of these standards will, in turn, attract malware writers, as has been amply demonstrated by the standardisation of PCs, with the vast majority running Windows.

“Once cloud computing reaches critical mass, there will probably be a few highly-specialised hackers who know how to break into cloud systems in order to steal or manipulate data, and they will be able to make a lot of money,” adds Kalkuhl.

He says cyber criminals will also create worms, Trojans, and other malware, and security companies will create new products to protect their customers from such threats.

Share