Make the provider responsible

Share this article:
Adam Vincent
Adam Vincent
Cloud computing offers enterprises many attractive financial and technological benefits. Using third-party cloud services, enterprises can quickly and affordably increase and decrease service or compute power at will. But the cloud is also fast becoming the backbone for hackers who easily tap into its compute power, speed and flexibility to launch their attacks with anonymity and minimal capital investment.

There are three major types of threats that are made easier with cloud computing: denial-of-service (DoS) attacks, cryptographic analysis and code-breaking, and command-and-control activities. Hacking from the cloud makes perfect business sense, but when the clouds attack, who is responsible?

One day, cloud providers may be held partly responsible for taking preventative action, using familiar checks and balances to prevent malicious use of their services while still offering customers the advantages of the technology.

With just three simple steps, cloud providers could change the dynamic today and deter potential attackers from abusing their services. The first step is credit checks. Cloud providers could require potential customers to complete a personal or company credit review to rent services. Second is ID verification. Providers could verify the customer's identity and credit card number are genuine. And third, providers should occasionally check on a consumer's activity, perhaps with preapproval from the consumer.

Many service providers and customers alike will balk at any potential restrictions on cloud use. Although monitoring cloud user activity may effectively stymie malicious activities, it also violates the basic assumption that a consumer's use of the cloud is completely private and that data can be encrypted to deny third-party visibility/access.

Yet, every cloud provider should be thinking about these issues. Otherwise, public, legal and industry perception may shift to consider those providers which don't put safeguards in place as at least partially responsible for attacks launched from their servers.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in Features

Game theory: Cyber preparedness

Game theory: Cyber preparedness

Business leaders are beginning to fathom the importance of cyber war game simulation exercises, reports James Hale.

Forward progress: How the Denver Broncos really play defense

Forward progress: How the Denver Broncos really play ...

Off the field, demand for bandwidth and protection from network threats set the ball in motion for the Denver Broncos. Greg Masters reports.

Smart defense: A talk with industry veteran Gene Fredriksen

Smart defense: A talk with industry veteran Gene ...

Today's CISO must stay ahead of attackers, says Gene Fredriksen, CISO at PSCU. Teri Robinson talks one on one with the industry veteran.