Vulnerabilities in password reset functions for online
services from Amazon and Microsoft have cast fresh doubt on the
security of cloud computing.
Researchers demonstrated the flaws in
Amazon's Elastic Compute Cloud and
Microsoft's online version of Office at last week's Black Hat
security conference in Las Vegas.
Similar vulnerabilities in free e-mail services that send
passwords to an alternate address or ask security questions based
on searchable information also represent a risk.
A hacker was recently able to access corporate data belonging to
Twitter stored in a Google cloud-based application by exploiting a
flaw in e-mail password resets.
Security experts say the
cloud computing model is still immature and will have to
demonstrate a higher level of security to satisfy most enterprise
users.
Data vulnerabilities will be great in the next two years,
according to Jason Creasey, head of research at the
Information Security Forum.
Cloud computing will probably become the norm for business
organisations in the longer-term, but it will take 10 years for the
model to mature to that level, he said.