RSA 2010: HP shares findings on cloud security study

HP has posted the findings of a new study on cloud computing security.

The company commissioned the study along with the Cloud Security Alliance in the run-up to the RSA 2010 conference, which opens today. The peer-review study examined 29 enterprises, service providers and consulting firms.

Researchers found that companies faced a mixture of both malicious and accidental data loss dangers when adopting web services. The vulnerabilities also varied from malicious internal attacks to unintentional breaches from partners or end-users.

Among the most critical areas of vulnerability outlined in the report were application programming interface (API) development tools.

By tying so many other services into a cloud computing application, researchers suggested that companies were putting themselves at risk for a "weakest link" situation in which one service can be compromised and lead to an attack on all connected applications.

Other possible risks noted in the report include actions from malicious or disgruntled administrators and employees, online malware attacks and botnets, and the possibility of account theft.

By issuing the report, the companies hope to help firms better plan their cloud transitions and better understand cloud security, often cited as a major hurdle for the adoption of online services.

"Cloud services are clearly the next generation of information technology that enterprises must master," said Jim Reavis, security consultant and founder of the Cloud Security Alliance.

"The objective of this report was to not only identify those threats which are most germane to IT organisations but also help organisations understand how to proactively protect themselves."