This article is more than 1 year old

Paranoid about the NSA? The case for dumping cloud's Big 3

Can you achieve security through the obscurity of regional ISPs?

Cloud of uncertainty

This is the real pickle of public cloud computing. It isn't just about protecting your company and your clients from evil hackers. It's about protecting your company and your clients from government overreach, and yes, economic espionage.

Say you're running a small biotech firm out of a university start-up incubator and you're doing promising research into what may be a viable treatment for Alzheimer's disease. You know that the entire pharma industry would love to get their hands on your research, especially before you have it patented.

If you store that on your own servers, chances are you're not going to get hacked. Your tiny little company is hard to find amongst the noise, and it's a pain in the neck to hack you anyways. Even if you host that with a regional provider, there are tens of thousands of tiny little providers all over the place. The pain-in-the-neck factor is pretty large, and it's not really worth it for a nation-state to risk playing that whole economic espionage game with such a broad diversity of targets. Each provider has a different set-up, different defences and the rewards for any penetration efforts are not guaranteed.

Now, let's say that you use a large American cloud provider. Instead of being one among a few thousand clients of this cloud provider, you're one among millions of clients.

The spooks now only have to crack the defences of one cloud provider to search through the data of millions of companies looking for juicy tidbits like your Alzheimer's research. They can then quietly hand that off to companies within their own nation and, well... when and if this happens it's not only really, really hard to prove, the American courts won't even hear the case because of "national security".

Of course, the Americans (and every other nation, for that matter) claim they don't conduct economic espionage. Even if you believe that's true today, will it be true tomorrow? The more of those pesky foreign companies that use the big three American providers, the more tempting that pot of gold becomes.

And, of course, that pot of gold is tempting to everyone. Amazon, Azure and Google are three very tempting targets to attack. They have some of the best security people in the world, but they are attacked continuously by the best hackers in the world.

To be successful, Amazon, Azure and Google – like any provider or you, when you run your own infrastructure – must defend against every possible attack. To be successful, a hacker only needs to find one vulnerability.

Crack open Amazon and the candy inside that piñata is unending. Crack open a regional ISP and you could have spent years getting through the front door to find there's nothing of value inside.

So ISP clouds are faster than the big three. They are less legally ambiguous, and they are a less attractive target, both for governments and for blackhat hackers. The regional cloud and the ISP cloud are far from "dead" concepts. Quite the opposite – with such obvious value, it's a market about to explode. ®
