There is widespread speculation that the recent attack on Sony was accomplished by utilizing credit card information stolen via compute resources purchased from Amazon’s EC2 cloud offering. This high profile incident has attracted attention in the mainstream press and in the blogosphere, underscoring the interconnected and anonymous nature of cloud computing, as well as the need for vigilance and improved security. Interestingly, there has been little attention paid or blame allocated to Amazon’s EC2 offering in the public discussion. Amazon, rightly or wrongly, has largely escaped unscathed, and the cloud infrastructure services sector – of which EC2 is the most visible champion – continues to enjoy increased adoption, favorable press, and commentary largely unaffected by this incident.
There are many good reasons why Amazon’s EC2 has not been vilified and cloud adoption continues at its frenetic pace. But what if the circumstances had been different? What if the credit card information had been stolen utilizing Microsoft’s Azure platform? Would the world have responded with the same collective yawn? Would there have been an attempt to hold Microsoft accountable for the nefarious use of its compute power? Would open source enthusiasts have suggested it to be another reason to move to open source from Microsoft products? To explore this, let’s first examine why it might have made a difference:
- Microsoft plays a different role in championing cloud than Amazon. Azure is the Microsoft answer to the Windows operating system (OS) and bundled IP provided through the cloud. As such, it represents Windows and the dominant OS at this time.
- As the dominant OS provider, Microsoft appears to be held to a different standard than most other providers; if there is a hole in Windows, we are all vulnerable (except, of course, Apple fanatics).
- Microsoft acts as a lightning rod like no other, drawing negative attention from all quarters.
- There seems to be a preference to excoriate past monopolists in favor of newer entrants that may yet gain similar market power, akin to market behavior that favored the Microsoft upstart over the established IBM in the 1980s.
So, what would have happened? Would the steady march to the cloud be delayed as we criticized Microsoft and questioned more deeply not only its culpability for how its service is utilized, but also the requirements for security in the cloud more broadly? Would regulators be initiating inquiries threatening further changes in compliance security laws, or attempting to add responsibility to providers of compute power? Or would there have been a similar yawn? It’s interesting to speculate… and as we do, what does this tell us about where we are headed and where we have been?