Tuesday, May 13, 2008

Pain in the aaS?

I was forwarded this article from the Economist which outlines the new "as-a-service" model now being adapted by cyber criminals. The article makes an excellent point about the continuing migration of software from boxed discs to online services that we 'rent' or use as necessary, and points out the inevitable migration of that model to include malware. Want to conduct a denial-of-service attack on a website without having to build your own army of zombie PC's, or even having any hacking skills at all? You can. Just rent the access from an established cyber-criminal and you can 'borrow' their hack for your personal mission of destruction.

The tone of the article suggests that "as-a-service" is becoming a dirty word, which may be true. However, I think the term is accurate and that the model actually provides an opportunity for greater security. After all, with services living 'in the cloud' you're less prone to local attacks, and the effects are less likely to impact other applications. What's required is secure access to those 'in the cloud' services, so that each session becomes a trip into a secure portal isolated from everything else...I might know something that's a possible solution for that.

No comments: