On Friday, September 27, 2013, The Wall Street Journal’s CIO blog published an article by Steve Rosenbush, Deputy Editor, titled How Advanced Denial of Service Is Raising Stakes in Cybercrime (http://blogs NULL.wsj NULL.com/cio/2013/09/27/how-advanced-denial-of-service-is-raising-stakes-in-cybercrime/?mod=wsj_ciohome_cioreport). Two important points arise from a reading of Mr. Rosenbush’s article:
- Internet security experts are increasingly pointing to inherent weaknesses in the structure of data communications networks for today’s internet traffic as formidable obstacles to the implementation of reliable defensive systems for cloud computing applications. This article describes the difficulty of protecting trading applications, which depend upon synchronous data communications, from sophisticated subversion attempts
- Multi tenant cloud architecture for applications for small to midsize businesses, and even “less than mission critical” applications for bigger businesses, and government agencies, will be much harder to secure, if alternatives to the type of content delivery networks (CDNs) described in this article cannot be found
If the weaknesses of Ethernet data communications architecture remain very difficult to overcome (which is the inevitable conclusion of pt 1), above), then it makes sense to plan on some lessening of consumer appetite for cloud services. After all, service providers, at some point in the future, will simply have to pass through some of the cost of losses directly to consumers. How else can they be expected to continue to unilaterally absorb these costs? Once consumers are made aware of a higher level of exposure, they are likely to pull back.
As well, there will, inevitably, have to be a higher cost for these services, if providers have to plan on the kind of massive infrastructure represented by CDNs (as noted in pt 2), above). Even if the server farms amount to thousands of virtual machines (or tens, or even hundreds of thousands), the CPU cycle costs will be substantially more expensive than today’s norm. The whole infrastructure as a service (IaaS) business will become a much more expensive proposition for vendors. Inevitably, these costs will have to be passed through to consumers.
ISVs planning on cloud offers will likely need to adjust revenue models to plan for higher costs of offering secure cloud systems capable of safeguarding consumers from the type of attackes noted in this article.
Ira Michael Blonder (https://plus NULL.google NULL.com/108970003169613491972/posts?tab=XX?rel=author)
© IMB Enterprises, Inc. & Ira Michael Blonder, 2013 All Rights Reserved