Beware the Dreaded Cloud Pirates! - InformationWeek
IoT
IoT
Cloud
Commentary
7/15/2009
09:08 AM
David Linthicum
David Linthicum
Commentary
50%
50%
RELATED EVENTS
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

Beware the Dreaded Cloud Pirates!

I think the rise of cloud computing will leave many openings for criminals to take advantage of this paradigm shift. While many are concerned about malware and other types of attacks, the real money is to be made by fronting somebody else's intellectual property as your own, selling it "as a service."

In this San Jose Mercury News article, "Cloud computing may create new venues for high-tech criminals," Brandon Bailey outlines a compelling case around a potential downside of cloud computing: crime.

Matt Parrella, the federal government's top tech prosecutor in the Bay Area, had this to say:

"The trend toward cloud computing, in which businesses and consumers use the Internet to access data and software stored in remote servers, instead of their own computers, may create new opportunities for crime," Parrella suggested.

As an example, he mentioned cases that focused on shady operators who used overseas factories to crank out copies of counterfeit software on disks. Those cases may decline as software is more commonly sold online, Parrella said.

I see it as a bit more fundamental than that. I think the rise of cloud computing, typically by small businesses, will leave many openings for criminals to take advantage of this paradigm shift. While many are concerned about malware and other types of attacks, the real money is to be made by fronting somebody else's intellectual property as your own, selling it "as a service."

Take database technology, for instance. While you can lease Oracle as-a-service on the up-and-up from a cloud computing provider, what's to stop somebody else from placing a major brand database in their cloud and selling it as a multitenant service at a deep discount? Not much, considering that it's not difficult to do set up clouds these days, and it's just a matter of placing a provisioning engine in front of the technology, and you're in business. Same can be said for major enterprise applications, proprietary and sometimes confidential data, and other software intellectual property that can be delivered over the Internet.

Just like some issues with pornography and gambling sites, many of the criminal cloud computing sites will exist offshore and out of the reach of US laws. They will be difficult to prosecute, other than going after those who leverage the services, much like they are doing with the peer-to-peer music collectors these days. In many cases, I suspect, those who use sites that provide software-delivered IP that they don't own, won't know they are doing anything wrong until the Feds knock at their door. Or, worse, until you're sued by a software vendor for using services that you never knew were owned by them rather than your provider.

While there is really nothing you can do about these types of activities as a business, there are steps you can take to protect yourself:

First, make sure to create and communicate policies around the use of cloud-delivered resources, including the ability to validate the IP ownership, and establish formal agreements that limit your liability in case of IP violation.

Second, make sure to monitor use of remote sites. While this seems big brother-ish, I would look for patterns where a particular site is consuming a lot of bandwidth, and see if they are perhaps unsanctioned cloud computing sites that could come back and bite you.

Finally, provide training around the use of cloud computing, including some of the legal issues that should be understood. In most cases, knowledge provides the best protection.

This should not scare you away from cloud computing; it's just a cautionary tale to be a bit careful about whom you get into bed with.I think the rise of cloud computing will leave many openings for criminals to take advantage of this paradigm shift. While many are concerned about malware and other types of attacks, the real money is to be made by fronting somebody else's intellectual property as your own, selling it "as a service."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll