This whole Wikileaks thing has raised a lot of questions about the ability of not only the cloud but even the Internet as a whole to withstand both cyber attack and political pressure. As Misha wrote yesterday, despite what some may say, the cloud is no more immune or safe from concerted DDOS attacks than a non-cloud deployment. In fact, many of our public cloud providers are relatively unsophisticated in dealing with a DDOS attack against one of the hosted customers.
On the other hand, do not think for a second that the extreme political pressure brought to bear on both Amazon’s AWS and now EveryDNS, who hosted their domain, did not play a major role in their decisions to cut Wikileaks off. If you don’t think so, you are either really naive and I have a bridge I would like to sell you, or you are fooling yourself because you believe the Wikileaks people are terrorists or at the least guilty of espionage. For those of you in that camp, here is what Rep. Ron Paul says regarding Wikileaks on Twitter: “In a free society, we are supposed to know the truth. In a society where truth becomes treason, we are in big trouble.”
In any event, though, let’s stay out of the politics and stick to the cloud and security. One of the points that I think always gets people a little wary about cloud adoption is the fact that you are sharing infrastructure and resources with everyone else on that cloud. So if someone you are sharing with is using an exorbitant amount of resources and the cloud host cannot control that, you will be resource starved.
This reminds me of my own time back in the pre-historic days of web hosting. We would sell a shared hosting account for $49.95 a month. We gave you a set amount of storage, but didn’t charge extra for bandwidth. Sounds too good to be true, right? Like most things in life, it was. What happened was that we would take all of the sites using lots of bandwidth and put them all on one shared machine. All of these bandwidth hogs would then have to fight it out over resources to push out their data. The result was that the machine ran at a snail’s pace and no one hosted on it was very happy. We would then give them an option to move up to their own dedicated server with guaranteed bandwidth that they had to pay for.
But you can’t do that with the cloud, can you? Yes you can. If you were to somehow limit not just the bandwidth but the connections that a customer could engage in a given period, you could ensure enough resources for everyone else. I don’t know if today’s cloud providers have that kind of control, but if you could you would, I guess.
At the end of the day though, that is a technology problem. Technology problems can always be solved with new technology. So while cloud providers are not immune to DDOS and may not be able to guarantee everyone else the resources they require if one tenant is under the kind of scrutiny and attack that Wikileaks is, given time and resources I am sure we can solve it.
Technology, though, cannot solve the politics of the issue. How can an Amazon or a smaller DNS provider stand up to the wrath and weight of the US Government? No magic black box is going to fix that. That is the real issue, not the security or resources.
What about the flip side? If you want to place your data in the cloud, how do you feel about the ability of the cloud provider to arbitrarily take down your site or data because of political pressure? That is a really interesting question and I would be interested in what you say. It raises the whole issue of Cloud Trust.
BTW, there is one silver lining for the security industry in all of this. No one wants to be the next victim of Wikileaks. I am sure DLP and other security technology vendors are capitalizing on this in their phone and email marketing already. Nothing like a good incident to stir up security sales.
Have a good weekend!