Public cloud has come in for some intense scrutiny of late. The recent outage at Amazon took a large number of Web sites down, in fact at Abiquo it took 5 days for our main download server to come back online. Fortunately, we had replicated copies and could simply re-direct our DNS to another host, but others, with much more complex transactional applications, fared less well. Last month, Sony was forced to shut down its Playstation Network after hackers stole personal details of its 77 million users. Last Friday it emerged that the hackers had used code running on Amazon EC2 servers to carry out the attack, almost certainly using stolen identities and credit card details to set up their Amazon AWS accounts.
Should Amazon be criticized for “allowing” this? Absolutely not. As Tom Kellermann, a member of U.S. President Barack Obama’s commission on cyber security, said on Bloomberg TV “it’s kind of like blaming Con Edison because they used their electricity”. Amazon itself cannot reasonably be critisized here – the attack could have been carried out from anywhere using hosted servers, or from the hacker’s garage. Using a hosted service like Amazon (or one of many others) just makes it harder to trace.
The issue here is not what the hackers did per se, but how it affects other public cloud users and potential users. While adoption of services like Amazon among smaller companies has certainly been extensive (including by my own company), enterprises have been somewhat more cautious. Of course there are exceptions. After remarks I made when called by a Bloomberg journalist were selectively reported over ther weekend, I came in for some flak on Twitter, not least from Adrian Cockcroft of Netflix (Twitter @adrianco), who’s entire business runs on Amazon. But while great new Internet companies like Netflix not only work, but clearly thrive in the public cloud, they are, with all respect to Adrian, relatively isolated examples. Read more of this post