Weak cloud password security highlights strength of local storage

by Michael Smith (Veshengro)

Basingstoke, August 2009 – Reports that researchers at the Black Hat security briefings in Las Vegas drove an electronic steamroller through password recovery systems on Amazon's EC2 and Microsoft's Online Office services come as no surprise, says Andy Cordial, Origin Storage's managing director.

"Password resetting and other security mechanisms in the cloud are always going to be a weak link, as long as user-friendliness comes ahead of security in the cloud computing beauty stakes," he said.

"Expecting regular Joes to whip out a two-factor authentication device for use with a cloud-driven service just isn't realistic. It's not going to happen," he added.

According to Cordial, whose company specializes in secure storage of the bricks and mortar variety, developing a transparent security system for use in the cloud is going to be a seriously uphill task for developers.

Even if the developers succeed in creating a viable and transparent authentication system that can be used on a notebook in a coffee shop in the real world, getting that technology to be accepted on a widespread scale is going to take time, he explained.

On the other hand, he said, installing a user-transparent but high-security hard drive or cluster of hard drives, in an office environment is very easy to implement.

So easy, he noted, that most users need not be aware of the fact their data is being encrypted - and decrypted - to military standards in the background and on-the-fly.

"Secure cloud computing will definitely be the norm for most users in about ten years' time. Until then, encrypted local storage will meet users' needs," he said.

"And the encrypted hard drive technology that is available today can also be acquired for a lot less than you might think," he added.

The biggest problem in all of password security, and especially as regards to “in the cloud” is the human factor.

As Andy Cordial, Origin Storage's managing director said, expecting regular users, the “regular Joes”, to whip out a two-factor authentication device for use with a cloud-driven service just isn't realistic. It's not going to happen. Also strong passwords made up of special signs and such are not going to happen either.

We may have come a little further than “password” for the password but that is about all. We have not gotten much further though, of that we can be certain.

Encrypted hardware technology, as in terra firma hard drives, is still the best choice. Also you can be guaranteed, unless the HDD in fact goes belly up or you really forget the password and have no way of getting at the data, that you can get to your data and that it is 100% your data.

Personally I have looked at “in the cloud” storage but have found all services, especially here the free ones, lacking in a number of ways, not the least of them being that the EULA of many of them state that as a user I would hand over copyright of all materials stored on their drives to them for use as and when they please. Sorry, pardon me? My material is my material, and that's it. I share the copyright with no one.

So, to sum up in the spirit of this: get yourself some good terra firma storage media in the form of external hard drives, servers, and such like and keep the data in house, regardless of the size of your enterprise and even for the home user.

For more on the Black Hat cloud (in)security revelations: http://preview.tinyurl.com/nmm9an

For more on Origin Storage: http://www.originstorage.com

This article was produced from a press release supplied by Eskenzi PR.

© 2009