Monday Could Be a Black Day for the Cloud

Ralph DeFrangesco

We all know that black Friday is one of the busiest shopping days of the year. Traditionally, it's the start of the Christmas shopping season and the day that retailers go from being in the red, or losing money, to moving into the black. A recent phenomenon is that the Monday following black Friday is cyber Monday, the day that kicks off the online shopping season and one of the busiest days for online retail transactions.

 

Online retailers will be at their most vulnerable on this day. Hundreds of thousands of transactions will take place and millions of dollars will turn to the cloud for additional capacity.

 

I recently interviewed Georg Hess, CEO and co-founder of Art of Defence, a company that makes Web application security products for the entire lifecycle. I asked Georg about his concern for cyber Monday. He shared the following:

 

"Recent research from Whitehat shows that 64% of websites currently have at least one serious vulnerability, the most prevalent being Cross-Site Scripting (XSS), and it takes the industry roughly 67 days to fix these web vulnerabilities. It is startling to think about what could happen during that time-especially those who are using the cloud as a back-up resources, as the holiday season is about 42 days long (6 weeks). Companies are putting themselves at risk if they do not protect their Web applications from these vulnerabilities."

Despite my best efforts to patch and protect my home computers, my son managed to pick up a piece of malware before I lent him one of my credit cards. For the past few years, I have let my kids do some Christmas shopping online on cyber Monday. I am planning on passing this year. Besides dealing with the current issue with the credit card, I don't want to have to deal with my credit card number being stolen online as well.

 


Now, I don't want to cause any problems for online retailers. This is clearly my issue and I don't expect there to be any problems. However, I don't feel that most online retailers are prepared to shift capacity to the cloud and deal with security. For instance, Amazon has a service that will allow organizations to use their current infrastructure, firewalls and security tools, while connecting through a VPN. We have no historical data to reference on how organizations will do this year. Last year we had a few companies using the cloud. And a recent report by InformationWeek showed 66 percent of respondents surveryed have money in the budget for cloud computing. This year has seen an increase in cloud use and hackers trying to steal data from the cloud. We'll watch and see what the outcome is when the two trends meet.



Add Comment      Leave a comment on this blog post
Nov 30, 2009 1:32 AM Peter Crosby Peter Crosby  says:

Your story doesn't back up your headline one bit. You say Black Monday could be a "Black Day for the Cloud" and then mention two vulnerabilities that are completely unrelated to the cloud. XSS is a vulnerability in the application code. That code will be equally vulnerable running on a traditional on-site data center or in a third-party cloud. The other vulnerability you mention is malware installed on the client -- again NO relation to the cloud. Is this part of an anti-cloud agenda or just rushed, insufficiently researched holiday column-making?

Reply
Nov 30, 2009 3:59 AM Ralph DeFrangesco Ralph DeFrangesco  says: in response to Peter Crosby

User1675409,

I guess if you have a myopic view of life, you would come to your assumption. However, I will share something with you, and you can keep this just between us...applications run in the cloud and are prone to these attacks. This includes the servers they run on and the clients that connect to them.

Thank you for your positive comment, it added so much to the advancement of technology.

-Ralph

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.