RSA 2010: HP publishes cloud security study

RSA 2010

HP has published the findings of a new study on cloud computing security carried out in conjunction with the Cloud Security Alliance.

The peer-review study, unveiled in the run-up to this year's RSA 2010 conference, examined 29 enterprises, service providers and consulting firms.

Researchers found that companies face a mixture of malicious and accidental data loss dangers when adopting web services, varying from internal attacks to unintentional breaches from partners or end users.

Application programming interface development tools are among the most critical areas, according to the report.

Tying many other services into a cloud computing application puts companies at risk of a "weak link", in which one service can be compromised and lead to an attack on all connected applications.

Other possible risks noted in the report include actions from malicious or disgruntled administrators and employees, online malware attacks and botnets, and the possibility of account theft.

HP and the Cloud Security Alliance hope that the report will help organisations to better plan cloud transitions and improve security, which is often cited as a major hurdle in the adoption of online services.

"Cloud services are clearly the next generation of information technology that enterprises must master," said Jim Reavis, security consultant and founder of the Cloud Security Alliance.

"The objective of this report was to identify those threats which are most germane to IT organisations, and help them understand how to protect themselves. "