So.... the consensus is that cloud computing is
good to save businesses money, but opens up a
ton of horrible possible disasters. I don't
think I've read "Pearl Harbor" and "9/11" or so
many doomsday phrases in one article in a
while.
I'll say this. I don't see cloud computing
completely overtaking people's home PCs for
quite some time. But there definitely is a
trend. Google for productivity, OnLive for
gaming, etc. It still remains to be seen if
average consumers are going to buy in.
Cryptography experts debate cloud-computing risks
Summary
A group of security experts, whose work in encryption is used to protect internet data and communications, debated about cloud computing at the RSA Security Conference.
Topics
A group of pioneers in the security field, whose work in encryption is used to protect internet data and communications every day, spoke about the state of security at a cryptographer's panel at the RSA security conference in San Francisco on Tuesday.
They tackled various questions about cybersecurity in general, but the topic that dominated was cloud computing.
"Cloud computing is a challenge to security, but one that can be overcome," said Whitfield Diffie, chief security officer at Sun. "I believe cloud computing will get to [the point] where no real program... will be done anymore on the computers of the company that's doing it," he said.
"I'm worried about cloud computing," said Adi Shamir, a computer science professor at the Weizmann Institute of Science in Israel. He explained that while a virus or other problem on a desktop computer can be a big annoyance, computation centers in hosted computing could spread problems more widely.
Bruce Schneier, chief security technology officer at BT Counterpane, said: "I'm kind of bored with it." Scneier said that although cloud computing is presented as a new paradigm, fundamentally he did not see a lot of differences between it and client-server and dumb terminals. "It's still all about trust," he added.
Ronald Rivest, a computer science professor at MIT, predicted that cloud computing "will really be a focal point in our work in security." "I'm optimistic about cloud computing," Rivest said. "I think a lot of us have hard work to do."
Asked about their thoughts on the likelihood of a 'Digital Pearl Harbor', the researchers concurred that the threat is hyped.
The talk about risks of a cyberattack on the magnitude of a Pearl Harbor strike is overblown, said Schneier. The real threat "will be boring things" such as viruses, identity theft and buffer overflows. "We're better as an industry if... we look at the more common risks... that cost [people] money."
"We're more likely to suffer a digital 9/11," said Diffie. Pearl Harbor was an attack by a known entity as opposed to an unknown threat from a mysterious source, as cyberattacks tend to be, he said. "I think we could suffer some astounding event," he added, noting that there was an electricity blackout in the 1990s and a severe telephone outage in the 1980s due to a bug.
Shamir said cyberattacks should be put in perspective and compared with other events that can have even more serious consequences. "If the government has extra money to spend they should spend it on regulating the financial markets and not spend it on regulating cybersecurity," he said.
Martin Hellman, professor emeritus at Stanford, said he has been focusing on nuclear weapons security lately and looking at how risky nuclear deterrence is with his NuclearRisk.org site. It is "at least 1,000 times riskier than having a nuclear power plant located near your home", he said.
Technology "has given human beings power that has historically been reserved for the gods; the ability to create new life forms, the ability to destroy civilization, and the potential for creating unbelievable co-operation or unbelievable chaos," Hellman said.
"Our species is like a 16-year-old with a new driver's license who somehow gets his hands on a 500-horsepower Ferrari," Hellman said, adding that people need to learn to control their impulses or risk destroying everything.
This article was originally posted on CNET News.
Talkback Most Recent of 3 Talkback(s)
-
Uncle Ebeneezer22nd Apr 2009 -
What cause for optimism?
Whatever might be possible theoretically, where is there any experience that says that security of the Internet (and computers connected to it) is under any kind of reasonable control? Several times a year, huge data thefts occur at reputable computing entities. I haven't seen estimates of the resulting damages. But the costs of the ongoing security war have been estimated, roughly (the following impressions are just my summary of media reports-- whether the numbers are right or not is important, but beyond my reach).
Billions of dollars are spent "securing" systems against viruses, trojans and other threats. Billions are spent developing and deploying commercial and illicit techniques for invasions. Still more is spent on repairing damages from such invasions. Who knows what governments or terrorists are doing under cover?
So, where is there any evidence that cybersecurity efforts are successful, or even improving?
Why would there not be an occasion when an attack is 100's or 1000's of times more successful than the "noise" level, and how could the potential for such an attack be estimated amidst the noise?
The enormous dependence of the US (world)economy and government on computers is obvious. In my view, the addition of cloud computing to the cybersecurity stew is an enormous compromise in security that should be avoided. Any apparent cost savings will be overwhelmed by increases in vulnerability.
w_c_mead23rd Apr 2009 -
cloud-computing risks
Crypto is worth 25cents in the dollar context of trusting someone else to hold your data (hold = not to lose it, screw it up, steal it, sell it, or let any other knobhead get anywhere near it:physically or virtually).
muzza200524th Apr 2009
Talkback - Tell Us What You Think
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
Facebook Activity
