On Tuesday at the InfoSecurity Summit in Hong Kong, a very interesting point about cloud came up for discussion. While I’ll be one of the first to say cloud gives organizations of all sizes lots of great benefits and resources they might normally have access to, there is another side to cloud. A much darker, scarier side that is being used by cyber-criminals.
Remember a few years ago when everyone was fascinated with how PS3s around the world were being used to contribute computing power to various research projects including Folding@Home? It was a great concept because it was a way for people to contribute resources to aid a good cause.
Well, it’s not much different from cloud computing in a sense. Borrowing extra resources to help process vast amounts of data. Unfortunately, the cause isn’t always noble. It seems cyber-criminals have figured out this too.
It seems that crooks are leveraging cloud for web hosting and leveraging computing power from cloud providers like Amazon to hide their tracks. In fact, last year’s Sony breach of 77 million users’ info was tied to Amazon’s EC2 service.
This raises a lot of red flags when it comes to cloud. On one hand you might argue that better analysis of how customers are using cloud services or more security controls might help reduce illegal activity, but then you get into arguments about privacy of customers’ information. Additionally, if a customer subscribes to a service, do cloud providers have the right to monitor what they do with the service or set restrictions on the type of usage?
It’s not an easy fix. The problem is that cloud is going to continue to enable criminal activity in some form or another. It also means that once again, the role of the security team just got harder.