This is pretty cool. I gave a talk last week at the Glue Conference in Denver about how ambient clouds (http://cloud.trendmicro.com/good-clouds-evil-clouds-why-microsoft-has…) work and even used Skype as an example of a massive-scale ambient cloud.
This case raises some very important new questions around ambient clouds. For instance, if you create an ambient cloud, one that you control using your own protocol, but where you have no control over when an endpoint may join it, what are the legal implications if someone else uses your protocol?
In an open source world, slapping a lawsuit on some guy in Eastern Europe who reverse engineered your protocol over a weekend of heavy drinking just isn’t going to matter. In the Skype case, this probably isn’t a big deal because Skype is already free most of the time, and they can change the protocols over time relatively easily.
With botnets, which are already bigger than Skype in aggregate, there is already pretty good security around command and control because the criminals making money from botnets don’t want them compromised by other criminals – or legal authorities.
Overall, I’m concerned about the state of security of distributed ambient cloud control protocols. All it takes is one compromised update to turn potentially millions of PCs or phones into a massive DDoS machine.
Securing the centralized IaaS cloud is hugely important and I spend most of my time thinking about that problem, along with similar challenges for SaaS. But at the same time, there’s an impossibly large number of PCs already tied together into thousands of overlapping ambient clouds, and we’ve just begun to touch on the security implications of it.
The good news is that I think ambient clouds with P2P elements – like Skype – are one of the only ways we can scale the cloud to reach everyone on the planet. I’m looking forward to seeing what happens in this case.