Web Application Security in the Cloud - Part 2
In Web Application Security in the Cloud Part 1, I mentioned some risks associated with "cloud computing", and other services provided online by third parties.
At my work, we sometimes use Infrastructure as a Service (IaaS) virtual hosting to undertake testing. These are not a business critical use and there is never any client, or business, data on the servers. One of these is GoGrid. A few weeks ago it seems their services were offline for an extended period (significant if the service is a vital process), due to a combination of denial of service (DoS) attack and scheduled maintenance, culminating in this Update from GoGrid Founders:
I applaud the efforts undertaken by service providers such as these, rather than being unable to recover like Ma.gnolia after a, much less complex, database and backup loss:
The video on the Ma.gnolia home page is worth watching before signing contracts with third party providers.
For further discussion of the issues, some further blog posts which I recommend, are:
- The Cloud: policy consequences for privacy when data no longer has a clear location
- Cloud Catastrophes (Cloudtastophes?) Caused by Clueless Caretakers?
- The Vagaries Of Cloudcabulary: Why Public, Private, Internal & External Definitions Don't Work...
- The new cloud infrastructure: Do you care?
- Does Cloud Infrastructure Matter? You Bet Your Ass(ets) It Does!
Look before you leap!
Update 27th November 2009: See also Cloud Computing Risks.
Posted on: 21 April 2009 at 09:00 hrs
Comments are filtered automatically and should appear shortly after they been checked.