Countering cloud computing threats

Technology such as two-factor authentication systems, when married to encrypted VPN connections, can secure an internet connection into a cloud computing-based service.

That's the verdict from the Information Systems Audit and Control Association (ISACA), which concludes that using such techniques would tend to make interception of files and transmissions almost impossible.

Sarb Sembhi, president of the ISACA London Chapter, said, "While there is no such thing as a totally secure system, especially a system that is accessible across the internet, our belief is that, with the right technology, the new generation of cloud computing system can be made as secure -- if not more secure -- than existing server-based office systems."

In a poll earlier this year, ISACA found that information security management, along with regulatory compliance and the challenges of managing IT risks, were uppermost in members' minds when it comes to security.

Sembhi said: "…early examples of this technology, such as the simple web-based email services offered by Google and others, are difficult to secure when using standard web interface, but ISACA believes that, with the right technology, these problems can be solved.

Cloud computing security issues were highlighted by U.S. military academy professor Greg Conti at the recent Defcon security convention in Las Vegas.

According to Conti, "The information we are all giving to online companies is massive and dangerous and [security's] going to get worse before it gets better."