RSS Alerts

Related Links

Related Stories

  • Data lost, not found: Why data loss is still prevalent in many organisations
    Eighteen months on from the HMRC data loss scandal - where contractors lost the details of 25 million Britons - Stephen Pritchard investigates why there is little evidence that the rate of privacy breaches is falling
  • Learn about how to protect against data-stealing malware
    Data-stealing malware that can evade current security systems could cause serious harm to an enterprise. Trend Micro’s eBook ‘Outthink the Threat’ offers information on data-stealing malware and how to fight it.
  • Council staff breach security of National ID database
    The Department of Work and Pensions (DWP) have admitted that 33 public sector workers across 30 local authorities have accessed the Customer Information System (CIS) “without business justification”.
  • UK government loses data on 25m Britons
    The UK government has lost personal data on every child in the country, as well as national insurance numbers and bank account details of parents and carers claiming child benefit, on two password-protected CDs sent through an internal mail service.
  • Leaving a trace
    IT forensics is seen by many in the industry as something of a black art. But it's actually a highly professional discipline, with professional software to assist, as Steve Gold discovers

News

Does weak cloud password security mean local storage is best?

05 August 2009

Hard on the heels of researchers at last week's Black Hat security briefings showing how easy it is to recover third party passwords on Amazon's EC2 and Microsoft's Office Online services, Andy Cordial, Origin Storage's managing director, said that this highlights the fact that local storage technology is far more secure than the cloud.

According to the MD of the data storage solutions vendor - which specialises in encrypted and secure storage technology - password resetting and other security mechanisms in the cloud are always going to be a weak link, as long as user-friendliness comes ahead of security in the cloud computing beauty stakes.

Expecting the man in the street, he said, to whip out a two-factor authentication device for use with a cloud-driven service just isn't realistic. "It's not going to happen", he added.

Cordial noted that developing a transparent security system for use in the cloud is going to be a seriously uphill task for developers.

Even if the developers succeed in creating a viable and transparent cloud authentication system that can be used on a notebook in a coffee shop in the real world, getting that technology to be accepted on a widespread scale is going to take time, he explained.

On the other hand, he said, installing a user-transparent but high-security hard drive or cluster of hard drives, in an office environment, is very easy to implement.

So easy, he added, that most users need not be aware of the fact their data is being encrypted - and decrypted - to military standards in the background and on-the-fly.

"Secure cloud computing will definitely be the norm for most users in about ten years' time. Until then, encrypted local storage will meet users' needs", he said.

 

This article is featured in:
Compliance and Policy Data Loss Encryption Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water