Dangers Of The Clouds

Cloud is a metaphor for the Internet. It has always existed; nothing new was invented, it is just a way to share resources. Let's go through the benefits of existing offers on the market:

  • Automation of infrastructure-related tasks
  • Economy
  • Providers maintain a large number of servers and basically use 10% of their computing power, just to be ready for peaks of load


  • Microsoft uses AWS S3 to help speed up software downloads
  • Linden Lab uses it for their Second Life online virtual world
  • Used in enterprise applications as a load balancer, for performance testing
  • Analytics: pattern-recognition algorithms, like customer basket analysis or product autosuggestions
  • Also malicious purposes: password brute-forcing and botnets

There are very few mature offers on the market, because the architecture is still in the testing stage. For example, Amazon lost a lot of EBS the last time lightning hit their DC in Dublin.

Vulnerabilities. There are a lot of them. Take Amazon, for example. Anybody could make an AMI (Amazon Machine Image) and upload it to S3, where somebody else could download it and start using it. When you create your machine, you are offered a list of images sorted by their random ID. There was a PoC at Defcon showing that it was possible to get a low ID and so make your image more attractive to users.  
You could also have registered an unlimited number of Micro machines (they were free some time ago).
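One way to avoid trusting an image because of where it sits in a listing, as an added example that is not from the original post: choose the AMI by the account that published it. The field names follow the EC2 DescribeImages response; the sample records, account numbers and the `TRUSTED_OWNERS` allowlist are constructed for illustration.

```python
# Constructed sample shaped like the "Images" list of an EC2 DescribeImages
# response. Every ID, name and account number here is made up.
SAMPLE_IMAGES = [
    {"ImageId": "ami-00000001", "OwnerId": "999999999999",
     "Name": "ubuntu-12.04-server", "Public": True},
    {"ImageId": "ami-3f2a9c10", "OwnerId": "111111111111",
     "Name": "ubuntu-12.04-server", "Public": True},
    {"ImageId": "ami-7b44d012", "OwnerId": "222222222222",
     "Name": "internal-base", "Public": False},
]

# Assumption: publisher accounts you have decided to trust.
TRUSTED_OWNERS = {"111111111111", "222222222222"}


def naive_pick(images):
    """What a listing sorted by ID invites: take the first entry."""
    return sorted(images, key=lambda img: img["ImageId"])[0]


def vet_images(images, trusted_owners):
    """Split images into (allowed, rejected) by owner account only."""
    allowed, rejected = [], []
    for img in images:
        # A missing OwnerId is treated as untrusted.
        (allowed if img.get("OwnerId") in trusted_owners else rejected).append(img)
    return allowed, rejected


def pick_image(images, trusted_owners, name):
    """Return the single trusted image with this name, or raise."""
    allowed, _ = vet_images(images, trusted_owners)
    matches = [img for img in allowed if img.get("Name") == name]
    if len(matches) != 1:
        raise LookupError(f"{len(matches)} trusted images named {name!r}")
    return matches[0]


if __name__ == "__main__":
    print("first in listing:", naive_pick(SAMPLE_IMAGES)["ImageId"])
    chosen = pick_image(SAMPLE_IMAGES, TRUSTED_OWNERS, "ubuntu-12.04-server")
    print("chosen by owner: ", chosen["ImageId"])
```

The image name is set by whoever publishes it, so two images can carry the same name; only the owner account separates them here.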

Vendor Lock-In. If you give your data to one specific provider, you cannot be sure that one day, when you need to move the project to another platform, you will get your data back in the form you had it.
In other words, you invest in a specific platform: database, software adjustments, etc.

Transparency. Data from every service you use will leak sooner or later. It is a matter of time, as experience shows.
Therefore you should know exactly which company you trust your data to, especially when that company has no reason to overpay for its customers' security. For example, reverse engineering of Windows forces Microsoft to be honest. You cannot reverse engineer the cloud. I'm not saying they spy on you or cooperate with your competitors, but if they do, you won't find out.

Legality. The provider could be asked to hand over a customer's data, and you might not even be notified about it.

Compliance. Nobody takes care of your security. You are responsible for your data.

Other Threats. Even though the cloud provides us with stability and high availability, Amazon and co. themselves become your single point of failure. Some DoS attacks, for example, can't be stopped: the attack is simply use of the service, and you pay for the resources consumed.

21 November, 2012