January 19, 2011

Up In the Cloud and the Risk from the Other Guy's Mistakes

by Cary J. Calderone

Today I listened to Dr.Herbert Thompson speak about Security and Privacy Issues in the Cloud and one of his points really hit home. One of the factors to consider when weighing your move to the Cloud is the data security on your network versus the data security of your Cloud provider. Frequently, the Cloud provider's dedicated team and latest technology will be much better than anything your company could afford to employ. However, there is another real security threat to your Cloud computing.  What about the other guy?  If another Cloudy in your Cloud gets hacked, can it affect your service?  Yes, and here is why.

In prior posts, we discussed potential slowdowns that occur when your fellow Cloudys over-burden your Cloud.  I have witnessed Cloud slowdown first-hand simply because the Cloud provider was uploading the data for a new customer.  Now, what if that new customer gets hacked with something like a DOS (denial of service) attack?  In a DOS attack a virus causes the network server to keep cycling on the virus-chosen activities, like sending and receiving fake emails.   The virus replicates and grows and continues the process until the server slows down and/or crashes.   In the past, when another company got hacked, it probably did not affect your company network.   However, if the unfortunate hack victim is on your Cloud, it may very well affect you and your network.

This is great example of a not-so-obvious risk to consider when selecting a provider for your move to the Cloud.  Do they have provisioning controls?  Do they have bandwidth vulnerability?  In short, can they protect you from the other guy's mistakes? 

No comments: