Security fears holding back cloud computing

Many companies still need convincing that cloud computing is safe

Cloud computing is being held back by corporate concerns about security, according to Cisco's 2009 Annual Security Report, which found that data security and the control companies have over their information are the key factors holding back full-scale adoption of the model.

"The interest in cloud computing is enormous, but fear over security is very real," Scott Olechowski, Cisco security research manager, told V3.co.uk. "It's holding back a move. Security and control are the top two things we hear in the field."

The report also highlighted the extreme measures some companies are taking to combat online banking fraud, such as using a dedicated computer for communicating with banks to avoid the risk of passwords being stolen and bank accounts drained.

"We have also seen customers resorting to using virtual images on machines that they set up for one transfer and then wipe," said Olechowski.

The malware industry is also becoming increasingly successful and profitable, according to the report. The most lucrative area at the moment is scareware scams, where users are falsely warned of a virus infection and encouraged to buy bogus security software. The report claimed to have tracked one scareware dealer who had earned $5m (£3m) in just 12 months.

"It is such an effective technique. You are getting the money direct from the user, so the risk is lower. There are sophisticated marketing models about this. They use infected PCs in botnets to install the software and reap the rewards," said Olechowski.

The report also had high praise for the Conficker Working Group that was set up after fears that the malware could bring down major networks.

"The Conficker Working Group put massive pressure on the writers of the malware," said Henry Stern, senior security researcher at Cisco.

"It forced drastic changes in the software on a routine basis, countering it effectively. April 1st may have been a fizzle but it was a major plus [for the security industry] because it preceded them taking action on that day. The amount of light being shined on that botnet made it difficult to make money from it."

Similar action is also hindering the progress of spam networks, albeit in a limited way. The closure of McColo and others had helped temporarily to reduce spam, the report found, but it had recovered and bounced back in new markets thanks to broadband access.

"The McColo shutdown had a very large effect," said Stern. "We saw decreases in spam in industrialised areas, but we're also seeing major increases in emerging countries like Brazil where broadband is just coming in."