I’m a big advocate of moving applications to the Cloud. The Cloud is just more efficient for hosting applications than internal networks, and applications developed in the Cloud tend to be more advanced and easier to operate. The Cloud is not the end all – be all of application development, but I’ve found that Cloud services are better managed and more robust. Of course, as with any model, there are tradeoffs. You must surrender a degree of control. You don’t get to dictate every detail of the Cloud environment; if you do retain control at this level, I’m not sure if you have a true Cloud product. With Cloud applications the surrender of certain controls is what creates the benefits you’re looking for. Moving into the Cloud generally means that you move into a shared environment. You don’t control who is on your network… your neighborhood… instead you get a good security system to lock your data away from other users. But this week, we learned about a plot by Estonian con-men that almost wrecked the Internet, and destroyed the concept of Cloud computing.
First, let’s be clear that no matter where you are and how you access your applications, you’ve been exposed to Internet con-men. Do you get daily emails about Canadian pharmaceuticals? Ready to start your career as a secret shopper? Have you seen today’s email on mortgage refinancing? And, sorry to say, another of your uncles in Nigeria has passed away, but he did leave you $10 million. Even inside your secure network the fingers of con-men are still trying to reach into your wallet. Generally, you need to say yes, or send an email or click on a video, but everyone comes into contact with these little scams. In a lot of ways this new attack is not much different. It’s bases on malware, software that infects your computer when you visit an infected web site or click on an email link. Then your computer joins 4 million other infected computers, and does the malware’s bidding.
This particular malware changes how your computer interprets internet addresses. When you do a search in Google, or when you are on a web site with ads, slightly different ads show up. OK. That doesn’t sound like the end of the world, does it? And yet it is. If you cannot trust the Internet to bring you to a certain destination, then it’s like driving on a highway system where criminals have changed all the signs so everyone is getting stranded in strange locations. In this particular case, rather than kidnapping the victims they decided to just sell them boot-leg products and let them go. Why did they choose this particular cyber-crime, well there is a lot of money in Internet advertising. By driving people to the wrong search results and making them see the wrong ads, they got a lot of money from people who may have not known how they did this. This was a subtle attach, making searches that should have displayed Domino’s pizza show some other pizza company at the top of the list, and swapping ads for their client where a paid advertisement should have been.
Most users might be moderately annoyed, but would be happier if someone wrote some malware to make all the ads go away. But if you want to make illegal Internet money, this is a pretty efficient way to do it. Because it didn’t act like other malware and try to steal passwords or account information, it slipped past antivirus and spyware protection. According to international law enforcement, this is the first time there has been a mass (4 million infected computers) attach on the Internet’s addressing system (called the DNS). The Estonians chose the most profitable, and for users the least damaging, form of crime. But now that this technology is out there, it can be used for attacks: hiding the address of your Cloud services, crashing your servers by redirecting too many users, or a variety of other malicious attacks. If a criminal can control where users go to on the Internet, they can do anything they want to with your users and your clients.
Does this mean that you should stop moving applications to the Cloud? No, it doesn’t. But just as there are nasty new bacteria and viruses constantly evolving in the biological world, new forms of crime (and the technology to support it) are constantly evolving in the Cloud. Rather than fear these threats, learn from them and make sure that your plans for the Cloud account for the current environment. There are always going to be threats out there, and for every new technology there will be a new class of threats and criminals. The Cloud continues to have the incredible potential, but if you’re going to move all of your operations out there make sure that you know how everything works in this new “neighborhood. And that’s my Niccolls worth for today!