Thursday, July 9, 2009

Cloud Computing... Meet Mafiaboy

Today, security in the SOA/Web services arena is usually more about risk and compliance than it is about crime prevention--although thwarting criminal activity is certainly a major aim of governance, risk and compliance (GRC) in the first place.

Enter Mafiaboy.

What better quote generator can you find than "a reformed black-hat hacker better known as the 15-year-old 'mafiaboy' who, in 2000, took down Websites CNN, Yahoo, E*Trade, Dell, Amazon, and eBay"?

And what's Mafiaboy back to tell us?

"[Cloud computing] will be the fall of the Internet as we know it.... You're basically putting everything in one little sandbox...it's going to be a lot more easy to access." Mafiaboy concluded that "cloud computing will be extremely dangerous."

One may quibble with Mafiaboy's basic assertion, or question his motives for making such newsworthy sound bites. However, it may be time to pause and realize that, even if cloud computing will not be the 'fall of the Internet as we know it,' there are millions of Mafiaboys out there who will attack cloud services. They may fire up a botnet to instigate a denial of service/extortion scheme. Or they may poke around your Cloud APIs and find a WSDL or two laying around that let them start 'playing' with your services.

All the more reason to evaluate governance solutions very early in any initiative that includes the Cloud.

0 comments:

Post a Comment