Make the provider responsible

Share this article:
Adam Vincent
Adam Vincent
Cloud computing offers enterprises many attractive financial and technological benefits. Using third-party cloud services, enterprises can quickly and affordably increase and decrease service or compute power at will. But the cloud is also fast becoming the backbone for hackers who easily tap into its compute power, speed and flexibility to launch their attacks with anonymity and minimal capital investment.

There are three major types of threats that are made easier with cloud computing: denial-of-service (DoS) attacks, cryptographic analysis and code-breaking, and command-and-control activities. Hacking from the cloud makes perfect business sense, but when the clouds attack, who is responsible?

One day, cloud providers may be held partly responsible for taking preventative action, using familiar checks and balances to prevent malicious use of their services while still offering customers the advantages of the technology.

With just three simple steps, cloud providers could change the dynamic today and deter potential attackers from abusing their services. The first step is credit checks. Cloud providers could require potential customers to complete a personal or company credit review to rent services. Second is ID verification. Providers could verify the customer's identity and credit card number are genuine. And third, providers should occasionally check on a consumer's activity, perhaps with preapproval from the consumer.

Many service providers and customers alike will balk at any potential restrictions on cloud use. Although monitoring cloud user activity may effectively stymie malicious activities, it also violates the basic assumption that a consumer's use of the cloud is completely private and that data can be encrypted to deny third-party visibility/access.

Yet, every cloud provider should be thinking about these issues. Otherwise, public, legal and industry perception may shift to consider those providers which don't put safeguards in place as at least partially responsible for attacks launched from their servers.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in Features

Case study: Big LAN on campus

Case study: Big LAN on campus

A university rolled out a wireless network, but was hampered with a user-support problem...until a solution was found. Greg Masters reports.

2014 Women in IT Security: Stacey Halota

2014 Women in IT Security: Stacey Halota

When she stepped into the job of vice president of information security and privacy at Graham Holdings Company in 2003, Stacey Halota had to carve out new territory because her ...

What's sex got to do with it?

What's sex got to do with it?

Harassment has no place in the security industry. Neither do sexism or discrimination. But, there they are. It's time for infosec to just say no, reports Teri Robinson.