Malicious insiders could hurt cloud computing

A Symantec security expert has warned companies offering services in the cloud that malicious insiders could render security controls useless.

Guy Bunker, chief scientist at Symantec, said that cloud service administrators had "god-like status" when it came to accessing confidential data.

He said that there were already low-key legal cases being taken against cloud service providers, where administrators had access to data.

Bunker said: "This isn't just cases in the cloud we've seen this in enterprises where somebody within the organisation who has access to the data has decided to take it and sell it on to somebody else."

Bunker was speaking at a Symantec-held event about how businesses should cope with cloud computing in terms of security.

The Symantec expert also said that enterprises often didn't know what their sensitive information was or even where it was, and that the cloud compounded the issue.

He said: "The reality moving forward in two to three years is that there will be a much shorter relationship [between businesses and cloud computing vendors]."

He added: "What happens to the data that you put out there and process? Apparently there's no assured delete has the data actually been deleted from the cloud?"

Other speakers suggested that there was no possible international regulatory solution when it came to securing cloud computing, and that the best hope was for businesses to organise a technical standards body.

John Carr, secretary of the UK's Children Charity Coalition for Internet Safety, suggested that there should be a kitemark' - a technical standard for cloud computing.

He said: "Only the businesses can do that. I seriously doubt there is any governmental institution that can get even close."