RSA's Coviello: Cloud computing not secure enough

Google Translate from English into Chinese (Simplified)

Google Translate from English into French

Google Translate from English into German

Google Translate from English into Italian

Google Translate from English into Japanese

Google Translate from English into Portuguese

Google Translate from English into Russian

Google Translate from English into Spanish

Testing and reviews
- Shareware
- Freeware

Search for software:

DISCLAIMER: Logging other people's keystrokes or breaking into other people's computer without their permission can be considered illegal by the courts of many countries. The monitoring software reviewed here is ONLY for authorized system administrators and/or owners of computers. We assume no liability and are not responsible for any misuse or damage caused by the keylogging software. The end user of this software is obliged to obey all applicable local, state, federal and other laws in his country of residence.

July 06th, 2009

RSA's Coviello: Cloud computing not secure enough

Cloud-based services are being rolled out without enough attention being paid to securing these services and the information they handle. That was the finding of a recent study commissioned by RSA Security.

While the report's findings are alarming, there is still time for providers of these services to address the problem, said Art Coviello, executive vice president at EMC and president of RSA Security. The key is to look at security as an integral part of the service and not as an add-on feature, he said.

Coviello recently sat down with IDG News Service to discuss the security of cloud-based services. What follows is an edited transcript of that conversation:

IDG News Service: Were you surprised by the report's findings?

Art Coviello: It was startling to me that a lot of this cloud computing was being done with security left behind, because I viewed cloud computing as an opportunity to really change the way people approached security. In essence, you're rebuilding the information infrastructure from the ground up. It'll be years before all these legacy systems get moved over, either to internal, private clouds or external clouds, or some combination thereof. Ultimately, that's where it's headed and because of that, because we have knowledge and forethought of all the issues we've had in security over the last decade and a half.

One would think that we've learned our lesson about building security in. Having said that, it's still very early days. Although I find the research alarming, I don't necessarily find it conclusive that this is the way it will turn out.

IDGNS: Is part of the problem that vendors aren't necessarily liable for all of the risk associated with offering these services? Would the services be more secure if they had to fully assume all of that risk?

Coviello: It could be if the person that purchases these services are not careful. But it's hard to imagine that any responsible provider of these services would deliberately make their offering insecure. Woe unto them, they'll be out of business pretty quick. The one thing you can rest assured of is if there's any security breach in one of these services, someone is just going to take their infrastructure and go elsewhere. It's a lot easier to do that in a cloud environment than it might be if you've outsourced your infrastructure.

IDGNS: How does a company know that a cloud-computing provider offers a secure service?

Coviello: Enterprises have the wherewithal and the skill to evaluate the cloud provider's capability and their capability in security, and they would be stupid not to do a thorough investigation because they're outsourcing everything.

IDGNS: What do you think is the greatest security weakness for cloud-computing services?

Coviello: It's almost too early to tell. How many instances do you see of cloud computing out there? I can give you a number of places where there could be insecurities. What people tend to worry about is the co-mingling of information, and that's probably the least of anybody's worries because it's very easy to partition data. What they ought to be more worried about is what are the access controls, what the authentication mechanisms are, how you ensure information doesn't somehow leak out to somebody outside.

I'd worry about those things, but these are things that are going to have to be investigated and developed as people start to get a feeling for what cloud computing is all about.

Source: ComputerWorld

	All news for September 18th, 2009:
	20:13	Microsoft Internet Explorer SSL security hole lingers
	20:11	Conservatives call for DNA databases to be reduced
	20:09	McAfee warns of bogus security suite
	20:08	Security market remains buoyant in choppy waters
	20:07	The good and bad of government in the cloud
	20:05	Vista, Windows 7 Are More Secure than Snow Leopard
	20:04	Will Google's Buy of reCAPTCHA Hurt Internet Security?
	20:01	HHS guts health-care breach notification law, groups warn
	20:00	Man gets 15 months for E-Trade skimming scam
	19:59	Sophisticated botnet causing a surge in click fraud
	19:59	Microsoft sues scareware scammers
	19:58	Software company fined for trading with the enemy
	19:58	Misdirected spyware infects Ohio hospital
	19:57	Firefox's Flash check drives 10M to Adobe's download
	19:55	Microsoft, Yahoo in informal talks with EU over search deal
	All news for September 17th, 2009:
	19:59	Wireless Intrusion Detection and Prevention Systems: Selection Criteria
	19:58	How to Compare and Use Wireless Intrusion Detection and Prevention Systems
	19:54	Social Networking a Tool for More Secure ID Management?
	19:52	1.8 million UK postcodes available online
	19:51	Batman 'glide' disabled in anti-piracy measure
	19:47	Study: eBay, Yahoo among most trusted companies
	19:45	One in eight Brits hit by identity theft
	19:44	Attack E-mails Use Fake Shipping Confirmation Ruse
	19:44	An Amazing Laptop Recovery Story
	19:41	Has Conroy's dept received filter report?
	19:39	Will security concerns darken Google's government cloud?
	19:35	New phishing attack chats up victims
	19:34	Report: Skype founders sue Skype
	19:34	Google buys reCAPTCHA to boost book scanning efforts
	19:33	Microsoft offers tools for secure application development

All news for September, 2009
All news for 2009 year
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year

DONATION: www.Anti-Keylogger.Org and www.Keylogger.Org is an independent research projects supported by a team of enthusiasts. If you find this project useful and would like to help foster its continued development, please consider making a donation.

Thanks in advance for your support!


	January 05th, 2010 New version of The Best Keylogger added! more


	September 18th, 2009 Microsoft Internet Explorer SSL security hole lingers more Conservatives call for DNA databases to be reduced more McAfee warns of bogus security suite more Security market remains buoyant in choppy waters more The good and bad of government in the cloud more Vista, Windows 7 Are More Secure than Snow Leopard more Will Google's Buy of reCAPTCHA Hurt Internet Security? more HHS guts health-care breach notification law, groups warn more Man gets 15 months for E-Trade skimming scam more Sophisticated botnet causing a surge in click fraud more Microsoft sues scareware scammers more Software company fined for trading with the enemy more Misdirected spyware infects Ohio hospital more Firefox's Flash check drives 10M to Adobe's download more Microsoft, Yahoo in informal talks with EU over search deal more


We are planning to redesign our site. We would like You to express your opinion in this respect. Would you like to leave the site as it is? What changes would you like to suggest?
	Yes, I like the site as it is.
	It's ok, but some changes are necessary.
	It should be changed completely.

Top

Top