Security problems with cloud computing – identified by a US military professor at the Defcon security convention last week – have been confirmed by ISACA (Information Systems Audit and Control Association).
However, the governance and security association says that technology can overcome the issues.
Says Sarb Sembhi, president of ISACA’s London Chapter: “The comments of Greg Conti in Las Vegas last week highlight the problems that the IT security industry will face in the next few years if, as the experts are predicting, companies move on up the efficiency and financial benefits that cloud computing will bring them.”
Conti pointed out that early examples of cloud technology, such as simple web-based email services offered by Google and others, are difficult to secure when using standard beb interfaces.
However, Sembhi believes that, two-factor authentication systems, when married with encrypted VPN, can secure an Internet connection into a cloud computing service, making interception of files and transmissions almost impossible.
“While there is no such thing as a totally secure system, especially a system that is accessible across the Internet, our belief at ISACA is that, with the right technology, the new generation of cloud computing system can be made as secure – if not more secure – than existing server-based office systems,” he claims.