Cloud networks 'at risk' from cyber outlaws

Cloud data centres are vulnerable and "remain largely untested" when it comes to plugging security holes, says the report.

PwC also reveals one in five surveyed outsources its network applications and firewall responsibilities to third parties, often with no guarantees of absolute security.

US and UK finance IT security experts joined forces last week to place businesses on high alert, warning they risk putting highly sensitive data online using unsecured and unproven methods.

Cloud data centre services are set to dominate Microsoft's four-day worldwide partners conference in Washington DC, which starts tomorrow.

Ed Gibson, a former FBI senior agent and now director of PwC's US forensics technology solutions practice based in Washington and formerly Microsoft's UK chief security adviser, says cyber security is "critically important", as is understanding what preventive measures stop attacks.

Gartner analyst Neil MacDonald agrees, adding that the security implications of such data centres are "at a critical point" as businesses are pressured to deploy their entire databases on the cloud.

The trouble is, says Charles Beard, chief information officer at Science Applications International Corp, that "adoption of cloud technology is well ahead of the efforts to properly secure and govern it".

Under the old business model everyone got together in the same building. "Now everyone is using the internet and mobile devices… as we're exposed to the dark side of cyberspace."

Most of the corporate tech giants are encouraging firms to sign up and outsource their information to proprietary-based cloud data centres, with promises that hardware, software and maintenance costs will be practically eliminated.

Cloud computing services, along with the virtualisation of commercial processes, is rapidly becoming a multi-billion-dollar industry as the practice sweeps business desktops.

However, Neverfail, a business continuity consultancy, says a major outage or IT disruption can cause lost business to the tune of 10,000 an hour, and up to 1 million if a full commercial day is lost.

As anxieties rise that some data centres remain wide open to cyber attacks, especially when servicing banks, credit card payments and other finance gateways, a lack of proper governance is a key issue.

A centre can be "virtually" taken over to steal information, using "malware" tools such as trojans, botnets, spam and viruses.

Firms embarked on a post-recession dash to cut overheads and gain a competitive edge are often overlooking internet security issues, experts believe.. Behind-the-scenes evidence is mounting of security breaches having already occurred, but the subject is all shrouded in commercial confidentiality. Lost confidence from a cyber fraud, economic espionage or intellectual property theft risks bringing a business down.

Cybercrime also occurs "from the inside", claims Credant's data encryption, security and compliance specialist Tim Pollard. He points to data centre employees being bribed to sneak out material on memory sticks or by e-mail.

Chris Hoff, Cisco Systems' cloud and virtualisation solutions director, admits that everyone needs "to better understand the risks" associated with cloud computing.

Microsoft's Robert Epstein, UK head of sales and marketing (small to medium-sized businesses), says firms should ask tough questions about cybertrust standards and independent certification.

Darren Brown, BT Engage UK technology solutions specialist, adds that companies should closely check what IT systems and firewalls exist before committing to any particular data centre offering.

But CSC's Ron Brown, director of cloud computing services, says security validation remains an issue.

Carole Thierault, a senior security consultant with Sophos, urges caution: "Attacks are a nightmare to defend against if people do not regularly update or use anti-virus systems."

Keith Inch, managing director of Glasgow's Digital IP, one of a dozen Scottish firms at the DC event, adds: "Play safe and never go it alone. It is imperative a company or organisation chooses the right partner with expertise."