IT security issues shift as data moves to cloud

The Internet "cloud" has become the hottest topic in computing, and a gold mine for cyber criminals, but the trend has created a new range of security issues that need to be addressed.

The cloud is associated with things like personal emails and music which can be accessed on computers and a range of mobile devices.

But the US military and government agencies from the CIA to the Federal Aviation Administration also use cloud systems to allow data to be accessed anywhere in the world and save money -- and, ostensibly, to enhance security.

Microsoft, Google, Amazon and others are major players in the cloud, which seeks to transfer some of the data storage issues to more sophisticated data centers. Firms like Oracle, SAP and Salesforce.com offer cloud services for business.

Strategy Analytics forecasts US spending on cloud services to grow from $31 billion in 2011 to $82 billion by 2016.

But some experts say security implications of the cloud have not been fully analyzed, and that the cloud may open up new vulnerabilities and problems.

"If past is prologue I don't think any system is absolutely secure," said Stelios Sidiroglou-Douskos, a research scientist at the Massachusetts Institute of Technology's Computer Science and Artificial Intelligence Laboratory.

"The analogy most people give is having a lock on your door. It's not a guarantee no one will break in, but it's a question of how much time it will take, and if your lock is better than your neighbor's."

In a cloud environment, "this makes the job of the attacker so much harder, which means the amateur hacker might be obsolete," said Sidiroglou-Douskos, who is working on a US government-funded research project to develop "self-healing" clouds.