Make the provider responsible

Share this article:
Adam Vincent
Adam Vincent
Cloud computing offers enterprises many attractive financial and technological benefits. Using third-party cloud services, enterprises can quickly and affordably increase and decrease service or compute power at will. But the cloud is also fast becoming the backbone for hackers who easily tap into its compute power, speed and flexibility to launch their attacks with anonymity and minimal capital investment.

There are three major types of threats that are made easier with cloud computing: denial-of-service (DoS) attacks, cryptographic analysis and code-breaking, and command-and-control activities. Hacking from the cloud makes perfect business sense, but when the clouds attack, who is responsible?

One day, cloud providers may be held partly responsible for taking preventative action, using familiar checks and balances to prevent malicious use of their services while still offering customers the advantages of the technology.

With just three simple steps, cloud providers could change the dynamic today and deter potential attackers from abusing their services. The first step is credit checks. Cloud providers could require potential customers to complete a personal or company credit review to rent services. Second is ID verification. Providers could verify the customer's identity and credit card number are genuine. And third, providers should occasionally check on a consumer's activity, perhaps with preapproval from the consumer.

Many service providers and customers alike will balk at any potential restrictions on cloud use. Although monitoring cloud user activity may effectively stymie malicious activities, it also violates the basic assumption that a consumer's use of the cloud is completely private and that data can be encrypted to deny third-party visibility/access.

Yet, every cloud provider should be thinking about these issues. Otherwise, public, legal and industry perception may shift to consider those providers which don't put safeguards in place as at least partially responsible for attacks launched from their servers.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in Features

Transparency reports useful, but more info needed on 'digital searches'

Transparency reports useful, but more info needed on ...

Transparency reports are common these days, but the information they provide can still be difficult to read and understand.

Same battle, different field

Same battle, different field

Cyberwarfare is so new that the ground rules are still being established. Nazan Osman provides an overview.

Passwords are passé

Passwords are passé

New solutions are gaining traction to complement, or replace, the legacy use of username and password, reports Ashley Carman.