Welcome!

Cloud Expo Authors: Pat Romanski, Liz McMillan, Elizabeth White, Maureen O'Gara, Dana Gardner

Related Topics: Cloud Expo, Virtualization

Cloud Expo: Article

Cloud Security: The Need for Two-Factor Authentication in Cloud Computing

All Internet services that have personal or business information should offer strong 2-factor authentication
By David Jevans
Article Rating:
August 15, 2008 03:30 PM EDT
Reads:
 13,908

Think about all of the critical data and IT systems that are moving into the cloud these days. Consumer credit reporting, enterprise CRM and sales force automation, customer support systems, banking and stock trading, foreign exchange, DNS management, email security… the list goes on and on, and it is only going to accelerate. Imagine if any one of the above services that you or your company uses were accessed by a hacker or competitor.

Greg Conti, an Assistant Professor of Computer Science at the US Military Academy in West Point, gave a talk at Defcon last week about the dangers of cloud computing. “The information we are all giving to online companies is massive and dangerous and [security's] going to get worse before it gets better.” This has spurred renewed debate in the security industry about strong authentication on the Internet as more and more critical services move into the cloud.

One example was a blog posting of mine earlier this week where where Wells Fargo passwords for using a credit reporting server were somehow stolen, and identity thieves used those access codes to get onto the MicroBilt credit reporting site and mine the personal data, social security numbers, etc of over 7,000 people.

Had this cloud service required the use of authentication tokens or digital certificates in addition to a username and password, this type of breach would not have been possible.

Think about all of the critical data and IT systems that are moving into the cloud these days. Consumer credit reporting, enterprise CRM and sales force automation, customer support systems, banking and stock trading, foreign exchange, DNS management, email security… the list goes on and on, and it is only going to accelerate. Imagine if any one of the above services that you or your company uses were accessed by a hacker or competitor.

The Information Systems Audit and Control Association has released a statement that two-factor authentication systems connected to encrypted communications can secure Internet connections to cloud computing-based services.

“our belief is that, with the right technology, the new generation of cloud computing system can be made as secure — if not more secure — than existing server-based office systems” said Sarb Sembhi, president of the ISACA London Chapter.

My personal belief is that all Internet services that have personal or business information should offer strong 2-factor authentication to their users and customers.

 

Published August 15, 2008 – Reads 13,908
Copyright © 2008 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By David Jevans

David Jevans is the Chief Executive Officer of IronKey, based in Los Altos, California. He is also the Chairman and Founder of the Anti-Phishing Working Group, the leading non-profit organization dedicated to eradicating identity theft and fraud on the Internet. The APWG has over 1,500 member companies and agencies worldwide. Membership is limited to banks and other financial institutions, ISPs, law enforcement agencies and security technology vendors.
Jevans has over 10 years of business experience in the Internet security industry, and has founded two high-tech startups, been through IPO, mergers and acquisitions.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Cloud Expo Breaking News
By Liz McMillan
Many organizations have embraced, or are considering, the benefits of cloud computing – speed, flexibility, increased expertise, shared workload, reduced costs, etc. The benefits are many – but so are the risks. What are the threats to cloud security? Which parties assume responsibility for securing the environment? What about the data? Which type of cloud deployment offers superior security benefits? In her session at the 10th International Cloud Expo, Kristin Lovejoy, Vice President of Infor...
Feb. 14, 2012 11:49 AM EST  Reads: 188
By Pat Romanski
Why are APIs so important in clouds? Do APIs have to be open? How fast or slow will standardization in the cloud be? Why is ensuring high availability for the cloud service critical? In his session at the 10th International Cloud Expo, Mårten Mickos, CEO of Eucalyptus Systems, will answer these questions and address cloud standards, APIs and the critical question: Will we end up with one, two or more competing cloud standards? And, how will this affect the evolution and adoption of cloud comput...
Feb. 14, 2012 11:00 AM EST  Reads: 524
By Elizabeth White
Very few trends in IT have generated as much buzz as cloud computing. In his session at the 10th International Cloud Expo, Mark Hinkle, Director, Cloud Computing Community at Citrix, will cut through the hype and quickly clarify the ontology for cloud computing. The bulk of the conversation will focus on the open source software that can be used to build compute clouds (infrastructure-as-a-service) and the complementary open source management tools that can be combined to automate the management...
Feb. 14, 2012 10:45 AM EST  Reads: 758
By Elizabeth White
Hardware and chemistry improvements will make the $1,000 human genome a reality soon. While the massive amount of genomics data that will be generated represents a huge opportunity to advance personal medicine, it also presents an enormous big data challenge. In his session at the 10th International Cloud Expo, Dr Andreas Sundquist, CEO of DNAnexus, will discuss how the cloud will address these issues by enabling the management, storage, sharing and analysis of the world’s DNA data and how it ...
Feb. 14, 2012 10:00 AM EST  Reads: 647
By Jeremy Geelan
With Cloud Expo 2012 New York (10th Cloud Expo) just four months away, what better time to start introducing you in greater detail to the distinguished individuals in our incredible Speaker Faculty for the technical and strategy sessions at the conference... We have technical and strategy sessions for you every day from June 11 through June 14 dealing with every nook and cranny of Cloud Computing and Big Data, but what of those who are presenting? Who are they, where do they work, what else h...
Feb. 14, 2012 08:00 AM EST  Reads: 960
By Elizabeth White
In 2011, Apache Hadoop received tremendous attention for helping organizations cost-effectively capitalize on their big data. Hadoop is now disrupting the business of analyzing data. In his session at the 10th International Cloud Expo, Eric Baldeschwieler, Co-Founder & CEO of Hortonworks, will look at the current state of the Hadoop project, lessons learned by deploying it at scale, and the roadmap for its future. Big Data Track attendees will learn about the exciting developments that have ...
Feb. 14, 2012 08:00 AM EST  Reads: 1,131
By Jeremy Geelan
With Cloud Expo 2012 New York (10th Cloud Expo) just four months away, what better time to start introducing you in greater detail to the distinguished individuals in our incredible Speaker Faculty for the technical and strategy sessions at the conference... We have technical and strategy sessions for you every day from June 11 through June 14 dealing with every nook and cranny of Cloud Computing and Big Data, but what of those who are presenting? Who are they, where do they work, what else h...
Feb. 14, 2012 07:45 AM EST  Reads: 642
By Jeremy Geelan
With Cloud Expo 2012 New York (10th Cloud Expo) just four months away, what better time to start introducing you in greater detail to the distinguished individuals in our incredible Speaker Faculty for the technical and strategy sessions at the conference... We have technical and strategy sessions for you every day from June 11 through June 14 dealing with every nook and cranny of Cloud Computing and Big Data, but what of those who are presenting? Who are they, where do they work, what else h...
Feb. 14, 2012 07:45 AM EST  Reads: 685
By Jeremy Geelan
With Big Data Expo 2012 New York (co-located with 10th Cloud Expo) just four months away, what better time to start introducing you in greater detail to the distinguished individuals in our incredible Speaker Faculty for the technical and strategy sessions at the conference...
Feb. 14, 2012 07:00 AM EST  Reads: 754
By Pat Romanski
The proliferation of device connectivity is redefining the functionality requirements and capabilities of many embedded systems as more and more of these devices look to leverage the “Cloud.” While many commercial software and hardware component vendors have begun to realign their value propositions to satisfy growing demand, commercial-off-the-shelf products (COTS) alone cannot meet every OEM’s needs. As a result, the Embedded Cloud has injected a new level of uncertainty and a new competitive ...
Feb. 13, 2012 11:06 AM EST  Reads: 545
MORE »