Amazon's WikiLeaks Ban Breeds Cloud Insecurity

Wednesday, December 15, 2010



An article by Ron Miller on ITKowledgeExchange raises some interesting questions about the the risks involved with third-party data hosing in the Cloud, and may have repercussions for the budding Cloud-based services industry.

Miller points out that Amazon's decision to cease hosting the WikiLeaks websites on their massive network of servers may hold lessons for businesses seeking to control costs by farming out data and network services.

WikiLeaks had moved their website hosting to Amazon shortly after experiencing a series of denial of service attacks for violation of the terms of service for posting materials that did not belong to the group.

In Miller's article, he notes that it was the nature of the WikiLeaks organization that prompted Amazon's decision, not necessarily the issue of who owned the information, and suggests that had it been the same information posted by the New York Times, the decision to cease hosting services would not have been made.

"They played into the biggest fear that cloud critics have, and that’s the general sense of unease when your content sits on somebody else’s server and is in another company’s control. If Amazon decides you aren’t playing by the rules, you could be in the penalty box and your business severely compromised," Miller writes.

The point Miller pursues is that there are no standards in place to define how and when a cloud service provider can choose to make such a decision, and businesses need to take that fact into consideration lest they find themselves in a similar predicament.

"What this shows is the importance of understanding every word in your Terms of Service (ToS). In the new brave new world of IT responsibility, negotiating the ToS with cloud providers like Amazon is going to be Job One. Don’t rubber stamp it. Make sure you and your organization’s lawyers understand every word."

Cloud-based services have other hurdles to overcome which are not addressed in Miller's article, such as third-party liability issues if your service provider is breached and loses or exposes your client's data, what remedies are available to both your company and your clients.

If the service provider has multiple clients who suffer in the exposure, does the service provider have sufficient indemnity coverage to reimburse their clients, and their client's clients?

Liability could potentially be exponential.

Possibly Related Articles:
Cloud Security
Cloud Security Amazon SaaS Vendor Management Headlines Third Party WikiLeaks
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.