Beware the Dreaded Cloud Pirates!

In this San Jose Mercury News article, "Cloud computing may create new venues for high-tech criminals," Brandon Bailey outlines a compelling case around a potential downside of cloud computing: crime.

Matt Parrella, the federal government's top tech prosecutor in the Bay Area, had this to say: "The trend toward cloud computing, in which businesses and consumers use the Internet to access data and software stored in remote servers, instead of their own computers, may create new opportunities for crime," Parrella suggested. As an example, he mentioned cases that focused on shady operators who used overseas factories to crank out copies of counterfeit software on disks. Those cases may decline as software is more commonly sold online, Parrella said.I see it as a bit more fundamental than that. I think the rise of cloud computing, typically by small businesses, will leave many openings for criminals to take advantage of this paradigm shift. While many are concerned about malware and other types of attacks, the real money is to be made by fronting somebody else's intellectual property as your own, selling it "as a service."

Take database technology, for instance. While you can lease Oracle as-a-service on the up-and-up from a cloud computing provider, what's to stop somebody else from placing a major brand database in their cloud and selling it as a multitenant service at a deep discount? Not much, considering that it's not difficult to do set up clouds these days, and it's just a matter of placing a provisioning engine in front of the technology, and you're in business. Same can be said for major enterprise applications, proprietary and sometimes confidential data, and other software intellectual property that can be delivered over the Internet.

Just like some issues with pornography and gambling sites, many of the criminal cloud computing sites will exist offshore and out of the reach of US laws. They will be difficult to prosecute, other than going after those who leverage the services, much like they are doing with the peer-to-peer music collectors these days. In many cases, I suspect, those who use sites that provide software-delivered IP that they don't own, won't know they are doing anything wrong until the Feds knock at their door. Or, worse, until you're sued by a software vendor for using services that you never knew were owned by them rather than your provider.

While there is really nothing you can do about these types of activities as a business, there are steps you can take to protect yourself:

First, make sure to create and communicate policies around the use of cloud-delivered resources, including the ability to validate the IP ownership, and establish formal agreements that limit your liability in case of IP violation.

Second, make sure to monitor use of remote sites. While this seems big brother-ish, I would look for patterns where a particular site is consuming a lot of bandwidth, and see if they are perhaps unsanctioned cloud computing sites that could come back and bite you.

Finally, provide training around the use of cloud computing, including some of the legal issues that should be understood. In most cases, knowledge provides the best protection.

This should not scare you away from cloud computing; it's just a cautionary tale to be a bit careful about whom you get into bed with.I think the rise of cloud computing will leave many openings for criminals to take advantage of this paradigm shift. While many are concerned about malware and other types of attacks, the real money is to be made by fronting somebody else's intellectual property as your own, selling it "as a service."