Firms headed for cloud security 'wake-up' call

SINGAPORE--Like it or not, businesses are headed for a cloud security "wake-up" call, which can happen within the next two to three years, according to a security analyst.

Magnus Kalkuhl, senior virus analyst at Kaspersky Lab, noted in an interview that cloud computing is still at a very early stage and aspects such as standards or even security experiences that would otherwise help companies be more judicious in their cloud implementations, are "missing".

Speaking to ZDNet Asia during a stopover in Singapore, Kalkuhl cited the example of the LoveLetter worm that plagued companies and individuals in 2000. Also know as the I Love You virus, the worm appeared as an attachment and when executed, deleted multimedia files as well as attempted to infect machines of other users listed in the first victim's Microsoft Outlook address book.

When the attack emerged, Microsoft fixed the issue in Outlook so that attachments could no longer be executed automatically. "The whole world learnt a lesson [from the incident, as] to what e-mail security really meant," he said, noting that in principle, the security loophole could have been easily identified.

Similarly, cloud computing needs and will eventually have a "wake-up event" to compel people to understand more about the risks, learn from the setback and progress, added Kalkuhl.

In terms of technology, cloud infrastructure is also an attractive target for cybercriminals, Kalkuhl noted. Once hackers gain access to the main system, they would be able to gain control over other virtual machines connected to the main server, he explained.

In fact, conversations brewing in the hacker community suggest it would be "cool" to be the first to break cloud systems, he said.

However, for hackers to seriously consider making their move on cloud infrastructure, there must first be a substantial pool of users, Kalkuhl pointed out.

With 2010 earmarked as the year when many companies will start looking more closely or dipping their feet into cloud environments, he said it would take about two to three years for cloud computing to become mainstream--and therefore, lucrative targets for cybercriminals.

Rise of virtual identities
Kalkuhl added that he expects to see a stronger focus on virtual identities going forward, as more transactions and information are moved online.

The idea of a digital passport will evolve over time with Internet users having one or more digital identities, he explained, depending on the type of transaction they conduct. That way, consumers will not need to give out their real identity for every activity conducted online, and all the merchant or verifying organization needs to do is check the authenticity of the digital credentials.

These virtual identities, said Kalkuhl, may not necessarily be issued by the government. Banks, for example, can be an entity to which users are willing to entrust their actual identities and personal information.