Enterprises are still worried about security in the cloud. Recently, in his Thanksgiving Day post, Christofer Hoff raised the possibility of another level of vulnerability that could affect anyone, not just enterprises, who uses the utility nature of Cloud Computing infrastructure to scale. He calls this kind of “attack” Economic Denial of Sustainability (EDOS).
Let me rephrase his description of this attack here. Suppose a company taps into Amazon EC2 or Google App Engine for its application and pays for computing and bandwidth based on its usage. Depending on the traffic, the service usage can be scaled up or scaled down. Attackers could send legitimate requests to the apps running on these services, along the lines of a DDoS, and there is no way for the app vendor to verify the legitimacy of each request before it consumes computing resources. A sustained attack like this could ramp up the app vendor’s cloud infrastructure bill. Mr. Hoff then asks how vendors can cope with the scaling while ensuring that EDOS doesn’t kill the company financially.
I have been vocal in my evangelism about Cloud Computing. I have written many posts pointing out how various claims about the security issues associated with Cloud Computing have a counterpart in the traditional data center world and the desktop world. As Mr. Hoff himself points out, this kind of attack does pose significant risks in the traditional data center world, but there it only affects the bandwidth part of the expenditure. In the utility-based Cloud infrastructure world, the victims of such an attack have to pay for computing resources along with the bandwidth costs. It is actually a double whammy for the victims of this attack.
This raises the importance of having an intelligent approach to security. Cloud infrastructure providers need to take an all-pervasive approach to security and develop smarter lines of defense against such attacks. It is also important for app developers to take these possibilities into account while developing a security ring around their application. I have some background on security issues, but my knowledge can be considered to be at the peripheral level. I want to hear from the security gurus on the infrastructure side and from app developers about how they can minimize the impact of such attacks. Please post your opinions and suggestions in the comments section below or contact me. If anyone is interested in writing a guest post addressing this issue, we strongly encourage you to contact us.
From time to time, we also highlight the risks involved with Cloud Computing so that users are better prepared to minimize those risks while taking advantage of the technological superiority of cloud-based computing. This is one such post, and we strongly encourage you to add to the discussion.