Posted by: Greg Ness | August 25, 2008

Cloud Computing: More Storms Ahead

The biggest threat to the promise of cloud computing to appear this summer wasn’t the failed trademark attempt by Dell, but rather brilliant research by a leading white hat security researcher.  Dan Kaminsky discovered how a well-known and widespread vulnerability in DNS servers could be exploited in seconds and turn any one of millions of servers directing Internet traffic into a cybercrime gold mine in mere seconds.


Note: For those unfamiliar with cloud computing, or the delivery of software and other IT-related functionality as a service, you can read more at Archimedius.  Some leading technology players involved or associated with cloud computing include: Google, Microsoft, Dell, VMware and Amazon.


As a result July and August saw unprecedented DNS media attention.  Yet the discovery of a DNS exploit was only part of the story.  Events soon unfolded that took the exploit from specialized security blogs (like Rational Survivability and Matasano, where the exploit leaked).


When the exploit inadvertently leaked (ahead of the disclosure timeline established to allow service providers ample time to patch their systems) the news quickly spread throughout more generalist blogs and even into mainstream media, including front page coverage in the NY Times referenced at Archimedius on July 31.


The Linux Journal published one of the best high level technical explanations of the exploit and why it matters.  Despite the release of a patch and the heroic actions on the part of internet service providers, issues remain.


While the business press dwells on Dell, Microsoft, Google and a handful of key players making investments and strategic moves based on the eventuality of cloud computing, some of us in security and networking are all too aware of the storm clouds.  You can read about the security issues at the newly established Infoblox DNS Security Center, with news, developments and resources hand-picked by leading experts.



Dan Kaminsky has openly labeled the patch just applied to protect the DNS vulnerability a temporary fix:


I listened to the Black Hat webcast today to grab as much info as I could on this subject. The biggest thing that I heard from the whole talk is that the patch fixes things to a reasonable point, but that long-term, there will have to be more work done to prevent the issue.

– Nathan McFeters, ZDNet


Unfortunately, it is likely that the DNS summer exploit story will fall back beneath the headlines in coming months; yet the vulnerability will still exist and it will likely require more patches on an ongoing basis.  That will place an unprecedented level of demands on the management of the DNS infrastructure, the backbone of the Internet.  That infrastructure is made up of millions of servers updated and managed manually.  That is a serious problem.


An IDC report sponsored by Microsoft concluded that hardware costs were only a small fraction of the cost of operating a server (see page 5 for the IDC breakdown).  Staffing expenses (management) and downtime constituted 75% of a server’s total cost of ownership, according to the April 2007 paper by Randy Perry and Al Gillen.  More manual updates will impact both management and availability, the leading cost components before the DNS exploit discovery.


Internet integrity is a critical requirement for cloud computing.  It requires a very high level of trust to use an online application for commercial and even personal uses.  More management and availability challenges will further increase the cost of internet integrity while introducing new risks.  The DNS exploit and the recognition that the recent patch is only a short term measure suggests that internet integrity may be more at risk than ever.


There’s More


A few days ago I discovered this YouTube piece by Cisco promoting green data centers and couldn’t help but to take notice of the points made about other server costs, including power.  Cloud computing could suck up huge amounts of energy if cloudplexes are not virtualized properly and managed efficiently.  For all of the opportunities posed by cloud computing it is obvious that substantial technical burdens remain before servers will follow the moon In pursuit of cheap electricity.


While low cost electricity and VMotion are important requirements for cloud computing, Internet integrity is the table stake: few will trust IT services from an unknown source.  That is why the rise of cloud computing will depend upon the continued success and evolution of utility-grade core network services.  Without network integrity the economics of software as a service will always be limited to low value consumers using low value services.


You can read my disclaimer at: About ARCHIMEDIUS.



  1. I am approaching the cloud from the end-user perspective, where its all foggy up there, and all that matters is how easy it is to interact with my own personal data on the smallest footprint of a device.
    I’m an anticipated fan of the CherryPal C100, which is being touted as a cloud computer. The CherryPal™ C100 desktop is about the size of a paperback book with the performance you would expect from a full-size desktop computer. It has Freescale’s triple-core mobileGT processor for multimedia performance and feature-rich user interfaces, while only consuming as much power as a clock radio. CherryPal uses 80 percent fewer components than a traditional PC, and because it has no moving parts, it operates without making a sound and will last 10 years or more. I am excited about how the CherryPal can bridge barriers to people who have not had access to computers or the internet because of money, fear, education or other challenges. I will be commenting on my experience of using it on my blog as soon as I get my own CherryPal C100! You can use CODE CPP206 to get your own CherryPal for $10 less than purchase price. CherryPal for Everyone at

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


%d bloggers like this: