Top concern at RSA 2010: security of cloud computing

Published 8 March 2010

Cloud computing offers efficiency and cost reduction, but it also offer new opportunities to hackers and cybercriminals; Melissa Hathaway, former senior director for cyberspace for the National Security Council, said the migration toward the cloud is gaining momentum without having satisfactorily addressed several pressing concerns; former National Security Agency technical director Brian Snow said he does not trust the cloud

Cloud computing, the role of government in securing cyberspace and a growing concern over the potential for cyber-warfare dominated conversations at this year’s RSA conference — one of the largest and most important gatherings of the Internet security industry, held last week in San Francisco.

Advocates of cloud computing say it holds the promise of significantly lowering the costs of equipment maintenance and operation while improving mass deployment of software and updates. “Cloud is changing security as we know it. We have the opportunity to put security into the fabric of computing,” said Philippe Courtot, chief executive officer of on-demand security provider Qualys.

San Francisco Chronicle’s Alejandro Martínez-Cabrera writes that the idea of widely adopting and implementing these information management techniques has been met with different levels of caution. Melissa Hathaway, former senior director for cyberspace for the National Security Council, said the migration toward the cloud is gaining momentum without having satisfactorily addressed several pressing concerns. Former National Security Agency technical director Brian Snow said he does not trust the cloud.

Some of the most cited worries were online data’s vulnerability to cyber-attacks, compliance with different security and privacy standards depending on data storage centers’ physical location, and government’s possible access to organizations’ information through audits and search warrants,” Martínez-Cabrera writes.

In one panel discussion, the chief security officers for Nevada, Colorado, Pennsylvania and California said they were carefully assessing the risks involved with cloud computing and weighing them against the cost-cutting benefits for their states. “Because of the economic situation, we can’t ignore the benefits of the cloud, but we have to proceed very carefully,” said Mark Weatherford, California’s chief information security officer.

Martínez-Cabrera notes that another subject of much conversation among security professionals and government representatives was the mutual desire to form more and better public-private sector partnerships to fight the growing tide of cyberthreats.

The visits of top government officials to the conference also illustrated the growing sense of urgency to fortify the U.S. cyber-defenses and better protect critical infrastructure like power grids, water plants, financial institutions and communication networks.

In one panel, Scott Borg, director and chief economist of the nonprofit U.S. Cyber Consequences Unit, warned about the increasingly frequent theft of precious business information — from trade secrets and intellectual property to blueprints and schematics — and said he strongly suspected the information was being used for the advantage of overseas competitors. The growing number of attacks on privately owned critical infrastructure, he said, is blurring the line between cyber-espionage and cyber-warfare. “We’re not talking about the formula of Coca-Cola here,” he said. “Entire industries are being stolen, and the effects are immense.”