Cloud security comment.Commenting on research claiming to show that 53pc of senior IT professionals in the public and private sector believe that cloud computing (1) Running applications in or from network servers. Computing "in the cloud" may refer to a company's own network, but often refers to the Internet and the use of Web browser-based or rich client applications. is too insecure for their business usage, SecurEnvoy says that this perception problem is almost certainly down to cumbersome security and authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC.
(2) Verifying the identity of a user logging into a network. technologies.
According to according to
1. As stated or indicated by; on the authority of: according to historians.
2. In keeping with: according to instructions.
3. Steve Watts, co-founder of the tokenless two factor authentication specialist, the problem with cloud computing is that the security mechanisms required to secure data as it flows into the cloud - and, perhaps more importantly, when it flows out from the cloud - are both cumbersome and difficult to change. "Encryption technology is now relatively easy to deploy and maintain, but authenticating users tends to be viewed as dependant on Adj. 1. dependant on - determined by conditions or circumstances that follow; "arms sales contingent on the approval of congress"
contingent on, contingent upon, dependant upon, dependent on, dependent upon, depending on, contingent a hardware token that must be carried around by the user. And no token invariably in·var·i·a·ble
Not changing or subject to change; constant.
in·vari·a·bil means no access. Add in the fact that solving problems takes a finite period of time, and the convenience of the cloud rapidly becomes an inconvenience," he said.
"I think it speaks volumes that IT practitioners are concerned that governance and regulatory concerns are holding them back from storing their company data in a cloud environment, although it is interesting to see that I 6pc are going down this cost-effective route with stringent contracts and solid service level agreements in place," he said. What many of these senior IT security professionals are almost certainly unaware of, he went on to say, is that token less 2FA--using a mobile phone as the authentication medium--is very easy to deploy, and even easier to use. Tokenless 2FA, he says, turns any mobile phone--even a budget or legacy handset--into an authenticator, since it uses text message channels to confirm that the user is who they claim to be.
Furthermore, he adds, since most people tote their mobiles around with them everywhere--even around the home--they will almost never be in the situation of being unable to authenticate themselves using their mobile.
"The bottom line here is that tokenless 2FA technology is every bit as secure as a hardware token-based system, but it is vastly more convenient to install and maintain. It is ideal for use with cloud and use," he said.
"Factor in the additional advantage that the system can be changed on the fly if needed - which is something you cannot easily do a hardware token-based platform - and it's no wonder that we are finding businesses using our 2FA technology to secure their cloud logins," he added.
"That's why we were surprised to hear about the results of the Wisegate research results on cloud computing. Clearly the message about the advantages of tokenless 2FA technology still needs to get out."