Expert warns of growing risks of internet-based computing power

Businesses will have to rethink the way they approach security as computing power is distributed increasingly over the internet, a leading cryptographer warned last week.

Businesses will have to rethink the way they approach security as computing power is distributed increasingly over the internet, a leading cryptographer warned last week.

Whitfield Diffie, who invented public key cryptography and is now chief security officer at Sun, said businesses would face new risks in the future, as more computing power is outsourced.

He issued the warning to IT security professionals at the Information Systems Security Association (ISSA) conference in London last week.

Diffie predicted that businesses would use the internet to buy rapid-turnaround computing calculations when they needed them, rather than maintain the capability in-house.

For example, a business designing an engine might send details of the design over the internet to a specialist company, to calculate the heat flow.

The business would have to trust the supplier to delete the data after the calculations were made and not hand it over to a rival firm.

"We are moving to a world where it is no longer possible or economic to localise any computing calculation," said Diffie.

It is already impossible for businesses and individuals to know where data is being processed in their organisation, he said.

Data can be processed by servers in different buildings, or in facilities run by an outsourcing company.

The trend towards decentralisation will create new security problems, as businesses find they increasingly have to trust third parties with sensitive company data.

Organisations will need to develop contracts that can be signed quickly over the internet to ensure the security of their data. Diffie said the contracts will need to be simple enough to ensure that the effort of enforcing them will not be greater than the effort of outsourcing the calculation.

Businesses think nothing of using Google, which performs tens of thousands of calculations on their behalf, even though search terms could divulge intelligence about their business interests, he said.

One approach could be for organisations like chambers of commerce to accredit organisations providing web services.

Although government organisations, such as GCHQ and the US Department of Defense, will continue to process data in-house for as long as possible, eventually they will be forced to outsource calculations as web services take off, said Diffie.

Security a culture thing >>

Worry about data, not terrorism >>

Read more on IT risk management

SearchCIO
SearchSecurity
SearchNetworking
SearchDataCenter
SearchDataManagement
Close