Cloud
Commentary
7/15/2009
09:08 AM
David Linthicum
David Linthicum
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Beware the Dreaded Cloud Pirates!

I think the rise of cloud computing will leave many openings for criminals to take advantage of this paradigm shift. While many are concerned about malware and other types of attacks, the real money is to be made by fronting somebody else's intellectual property as your own, selling it "as a service."

In this San Jose Mercury News article, "Cloud computing may create new venues for high-tech criminals," Brandon Bailey outlines a compelling case around a potential downside of cloud computing: crime.

Matt Parrella, the federal government's top tech prosecutor in the Bay Area, had this to say:

"The trend toward cloud computing, in which businesses and consumers use the Internet to access data and software stored in remote servers, instead of their own computers, may create new opportunities for crime," Parrella suggested.

As an example, he mentioned cases that focused on shady operators who used overseas factories to crank out copies of counterfeit software on disks. Those cases may decline as software is more commonly sold online, Parrella said.

I see it as a bit more fundamental than that. I think the rise of cloud computing, typically by small businesses, will leave many openings for criminals to take advantage of this paradigm shift. While many are concerned about malware and other types of attacks, the real money is to be made by fronting somebody else's intellectual property as your own, selling it "as a service."

Take database technology, for instance. While you can lease Oracle as-a-service on the up-and-up from a cloud computing provider, what's to stop somebody else from placing a major brand database in their cloud and selling it as a multitenant service at a deep discount? Not much, considering that it's not difficult to do set up clouds these days, and it's just a matter of placing a provisioning engine in front of the technology, and you're in business. Same can be said for major enterprise applications, proprietary and sometimes confidential data, and other software intellectual property that can be delivered over the Internet.

Just like some issues with pornography and gambling sites, many of the criminal cloud computing sites will exist offshore and out of the reach of US laws. They will be difficult to prosecute, other than going after those who leverage the services, much like they are doing with the peer-to-peer music collectors these days. In many cases, I suspect, those who use sites that provide software-delivered IP that they don't own, won't know they are doing anything wrong until the Feds knock at their door. Or, worse, until you're sued by a software vendor for using services that you never knew were owned by them rather than your provider.

While there is really nothing you can do about these types of activities as a business, there are steps you can take to protect yourself:

First, make sure to create and communicate policies around the use of cloud-delivered resources, including the ability to validate the IP ownership, and establish formal agreements that limit your liability in case of IP violation.

Second, make sure to monitor use of remote sites. While this seems big brother-ish, I would look for patterns where a particular site is consuming a lot of bandwidth, and see if they are perhaps unsanctioned cloud computing sites that could come back and bite you.

Finally, provide training around the use of cloud computing, including some of the legal issues that should be understood. In most cases, knowledge provides the best protection.

This should not scare you away from cloud computing; it's just a cautionary tale to be a bit careful about whom you get into bed with.I think the rise of cloud computing will leave many openings for criminals to take advantage of this paradigm shift. While many are concerned about malware and other types of attacks, the real money is to be made by fronting somebody else's intellectual property as your own, selling it "as a service."

Comment  | 
Print  | 
More Insights
2014 Next-Gen WAN Survey
2014 Next-Gen WAN Survey
While 68% say demand for WAN bandwidth will increase, just 15% are in the process of bringing new services or more capacity online now. For 26%, cost is the problem. Enter vendors from Aryaka to Cisco to Pertino, all looking to use cloud to transform how IT delivers wide-area connectivity.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.