Page 172 - How Cloud Computing Is Transforming Business and Why You Can't Afford to Be Left Behind
MANAGEMENT STRATEGIES FOR THE CLOUD REVOLUTION
The Web server can handle traffic coming to it, but it holds
that traffic there, denying it entry to corporate systems. Only
through its own protected procedures does it access internal
resources. The data center is separated from the DMZ behind
a deeper set of protective layers, primarily firewalls that screen
traffic, filters that keep out specific unwanted message sets,
and intruder detection systems that look for invasive agents.
The screens protect the database servers, business production
systems, and other systems that make the business run.

Amazon’s EC2 is the form of cloud computing known as
infrastructure as a service (IAAS), where users load remote
server hardware in a data center on the Internet with the
workload that they want to run. They exercise programmatic
control over the operation of the virtual machine, known as an
Amazon Machine Image. In some ways, it looks and feels like a
duplicate of what you’re doing in the data center. You trust
the cloud provider, whether it’s Amazon Web Services,
Rackspace, or Verizon Business, to supply security at the perimeter
of its operations.

Cloud providers encourage this thinking. In a recent
incident, someone who was probably a professional thief succeeded
in placing a botnet, or a remotely controlled agent, on a
legitimate host and used it to serve as a control center for pursuing
users’ bank account information. The Zeus botnet, as it was
called, had been placed on a Web site being hosted in
Amazon’s EC2, the first such known invasion of EC2 by a botnet.
After I reported on this incident for InformationWeek on
December 11, 2009, Amazon spokesperson Kay Kinton responded:
“Users of Amazon EC2 use the same precautions to secure and