Weak cloud password security highlights strength of local storage
August 2009 by Andy Cordial, Origin Storage’s managing director
Reports that researchers at the Black Hat security briefings in Las Vegas drove an electronic steamroller through password recovery systems on Amazon’s EC2 and Microsoft’s Online Office services come as no surprise, says Andy Cordial, Origin Storage’s managing director.
"Password resetting and other security mechanisms in the cloud are always going to be a weak link, as long as user-friendliness comes ahead of security in the cloud computing beauty stakes," he said.
"Expecting regular joes to whip out a two-factor authentication device for use with a cloud-driven service just isn’t realistic. It’s not going to happen," he added.
According to Cordial, whose company specialises in secure storage of the bricks and mortar variety, developing a transparent security system for use in the cloud is going to be a seriously uphill task for developers.
Even if the developers succeed in creating a viable and transparent authentication system that can be used on a notebook in a coffee shop in the real world, getting that technology to be accepted on a widespread scale is going to take time, he explained.
On the other hand, he said, installing a user-transparent but high-security hard drive or cluster of hard drives, in an office environment is very easy to implement.
So easy, he noted, that most users need not be aware of the fact their data is being encrypted - and decrypted - to military standards in the background and on-the-fly.
"Secure cloud computing will definitely be the norm for most users in about ten years’ time. Until then, encrypted local storage will meet users’ needs," he said.
"And the encrypted hard drive technology that is available today can also be acquired for a lot less than you might think," he added.