• silicon.com
• Technology
• Security

By Steve Ranger, 22 April 2009 15:30

NEWS

Cloud computing might be the hottest tech trend (and certainly the most hyped), but experts are split over whether IT chiefs should be worrying about the security risks behind it.

Speaking at the RSA Conference, Whitfield Diffie, chief security officer at Sun, was enthusiastic about cloud technology, predicting that at some point cloud computing will mean that "no real [programming] will ever be done anymore on the computers of the company that's doing it".

But speaking on the same cryptography panel, Professor Adi Shamir of the Computer Science Department at the Weizmann Institute of Science in Israel was less optimistic.

"I'm getting very worried about it," he said, arguing that as we move to a world where the majority of computing power is housed in a small number of datacentres that we could be "facing a real danger that hackers would be able to take one of these datacentres out of commission - and that would have a catastrophic effect".

Bruce Schneier, chief security technology officer at BT Counterpane, was less concerned: "It's presented as a new paradigm but fundamentally I don't see a lot of difference - we still have to trust our vendors," he said.

UK CIOs have already voiced their reluctance to get involved with cloud computing at the moment, citing security concerns as one reason for holding back.

However, at a separate RSA panel session, Mary Ann Davidson, chief security officer at Oracle, suggested that many of the issues around cloud computing will in the end come down to standard due diligence.

"One of the things that will happen is that services will evolve depending on people's appetite for risk. There's going to be a continuum of what these services are and what they offer - that means you will have more options in terms of how much risk you want to take.

"You can outsource the provision of the service but you can't outsource the responsibility - you have to do a good job of vetting the service," she said.

"You are never going to be 100 per cent certain that things are perfect but you don't have that [running services] in your own organisation," she added.