Public Cloud Providers – The New Arms Dealers of This Century?
Clouds provide massive amounts of computing resources to work against any problem. For the most part people think about how to use public clouds to better the world. However, there are people who recognize how they can selfishly improve their own situation or bottom line in ways that are illegal or, at the very least, amoral.
Public clouds allowing anyone with a credit card or simply an email address to get a trial account to use virtual machines and storage for free can be a very dangerous situation. It’s a bit like leaving a gun and ammo in the middle of a residential neighborhood. Eventually someone will pick it up and do something with it. Hopefully they will use it for good and defend the neighborhood, but maybe not. Do you want to be considered a casualty of someone else’s misdeeds?
Public clouds are popular because they offer individuals and organizations very powerful tools that were previously inaccessible because the barriers to enter the market were too high logistically and economically. Now a group can gather the equivalent compute power of a super computer for free, from anywhere. Check out the Rob Ragan and Oscar Salazar presentation at BlackHat or the article in Wired Magazine for more about leveraging free cloud capabilities to create a vicious botnet. This can pose a threat to the people both inside and outside of those clouds. Most alarmingly, those people in the cloud that are colocated with these bad actors are even more susceptible to the danger. The geography of the situation results in less protection between your infrastructure and the malicious attacker. You don’t have the same amount of separation, firewalls, monitoring that you would have outside of the public cloud and you become an easier target for the attacker. Furthermore, you may become part of the collateral damage of someone else’s defense against a cyber-attack from these bad actors. For example, if a botnet controller uses your system to spam the world, all of a sudden your domain, IP becomes black listed. Now you are unable to send emails to your business associates. Your IP may be blocked. This is a serious problem for customers and tenants of large cloud providers including Amazon, whose percentage of malware more than doubled to 41% in the 6 months between the last quarter of 2013 and the second quarter of 2014 according to the Q2 Security Engineering Research Team (SERT) report.
There is a better way. This is why with myRacktop we created a cloud that doesn’t allow anonymous free trials. We only allow vetted business customers into our private multi-tenant cloud. We believe our product and security vetting process offers additional value because our customers can trust the security and privacy of our cloud and appreciate that they don’t need to worry so much about what everyone else is doing.