Dangers Of The Clouds


Cloud is a metaphor for the Internet. It always existed, nothing new was invented, just a way to share resources. Let's go through the benefits of the existing offers on the market:

  • Automation of infrastructure-related tasks
  • Economy
  • Providers support a large number of servers and basically use 10% of their computation power, just to be ready for peaks of load

Applications

  • Microsoft uses Azure (previously it used AWS S3) to help speed up software downloads
  • Linden Lab uses it for their Second Life online virtual world
  • Used in enterprise applications as a load balancer, for performance testing
  • Analytics: pattern-recognition algorithms, like customer basket analysis or product autosuggestions
  • Also malicious purposes: password brute-forcing and botnets


Disadvantages:
"Cloud" becomes a single point of failure. For example, Amazon lost a lot of EBS the last time lightning hit their DC in Dublin.

There have been many cases recently where users reported an "Internet" outage that was in reality a "cloud" outage, as everybody is going after the "cloud" these days without understanding its risks.


Vulnerabilities. A lot of them. Take Amazon, for example. Anybody could make an AMI (Amazon Machine Image) and upload it to S3, where somebody else could download it and start using it. When you create your machine, you are offered a list of images sorted by their random ID. A PoC at Defcon showed it was possible to pick a low ID and so make your image more attractive to users.
You could register an unlimited number of Micro machines (they were free some time ago).
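A defensive take on the AMI listing problem above, as an added example that is not part of the original post: select an image by an allow-list of publisher account IDs instead of by its position in the list. The records mimic the fields of EC2's DescribeImages output; every account ID, image ID and name is constructed, and the function names are hypothetical.

```python
from datetime import datetime

# Constructed sample shaped like EC2 DescribeImages output (all values are made up).
IMAGES = [
    {"ImageId": "ami-00000001", "OwnerId": "999999999999", "Name": "ubuntu-server",
     "State": "available", "Public": True, "CreationDate": "2009-05-30T10:00:00.000Z"},
    {"ImageId": "ami-7a3f9c21", "OwnerId": "111111111111", "Name": "ubuntu-server-9.04",
     "State": "available", "Public": True, "CreationDate": "2009-04-23T08:00:00.000Z"},
    {"ImageId": "ami-9c41d0e5", "OwnerId": "111111111111", "Name": "ubuntu-server-9.04-r2",
     "State": "available", "Public": True, "CreationDate": "2009-05-12T08:00:00.000Z"},
    {"ImageId": "ami-b2e07f11", "OwnerId": "111111111111", "Name": "ubuntu-server-9.10-beta",
     "State": "pending", "Public": True, "CreationDate": "2009-06-01T08:00:00.000Z"},
]

# Assumption: account IDs of publishers you have verified out of band.
TRUSTED_OWNERS = {"111111111111"}


def pick_first_listed(images):
    """What a user does when trusting the list order: take the lowest ID."""
    return min(images, key=lambda img: img["ImageId"])["ImageId"]


def pick_trusted(images, trusted_owners, name_prefix):
    """Newest available image from an allow-listed owner; None if there is none."""
    candidates = [
        img for img in images
        if img["OwnerId"] in trusted_owners
        and img["State"] == "available"
        and img["Name"].startswith(name_prefix)
    ]
    if not candidates:
        return None  # fail closed rather than fall back to an unknown publisher
    newest = max(candidates, key=lambda img: datetime.strptime(
        img["CreationDate"], "%Y-%m-%dT%H:%M:%S.%fZ"))
    return newest["ImageId"]


if __name__ == "__main__":
    print("first listed:", pick_first_listed(IMAGES))
    print("trusted pick:", pick_trusted(IMAGES, TRUSTED_OWNERS, "ubuntu-server"))
```

The image ID and the name are chosen by whoever published the image, so neither is a trust signal; the owner account ID is the field to pin.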


Unresponsive support. Even on paid support plans, you are left on your own with AWS platform issues. For example, Amazon assures that ElasticSearch can work on its 16 GB EC2 instance, but it turned out that it does not work there. ElasticSearch's minimum memory requirement is 16 GB. It took Amazon two months to fix the issue after it was first reported.


Vendor Lock-In. If you give your data to one specific provider, you cannot be sure that, when one day you need to move the project to another platform, you will get your data back in the form you had it.
In other words, you invest in a specific platform: database, software adjustments, etc.


Transparency. Data from every service you use will leak sooner or later. This is a matter of time, as experience shows.
Therefore you should know exactly which company you trust your data to, especially when this company has no reason to overpay for its customers' security. For example, reverse engineering of Windows forces Microsoft to be honest. You cannot reverse engineer the cloud. I'm not saying they spy on you or cooperate with your competitors, but if they do, you won't find out.


Legality. A provider could be asked to hand over a customer's data, and you might not even be notified about it.


Compliance. Nobody takes care of your security. You are responsible for your data.

Other Threats. Even though the cloud provides us with stability and high availability, Amazon and co. themselves become your single point of failure. Some DoS attacks can't be stopped, for example. It's simply using the service. And you pay for the resources consumed.


7 June, 2009