For the past few years, ISPs and network providers have been clashing with large online media companies like Google, Yahoo, and YouTube over the concept of Net Neutrality. At issue is the question of whether an ISP should be able to block or slow access to some networks, some content, or some applications, and whether that ISP should be able to charge more for access or not. Today, ISPs charge only for bandwidth, regardless of how it’s used.
The FCC just announced a compromise that allows ISPs to arbitrarily slow access to some content or to charge more for access to others.
At first blush, it’s not obvious why that is a major threat to cloud computing. But when you consider that the cloud is only as good as your access to it, it becomes something to think about. Add in the fact that telecoms own most major ISPs, have millions of square feet of data center space, and are actively building their own cloud computing offerings.
It’s not a far stretch to imagine your bandwidth provider telling you that if you want to use their cloud offering, access is free, but if you want to use a larger cloud with more features, faster performance, or better pricing, you’ll have to pay a steep toll to access it. Extending the analogy even more, your telecom could even potentially charge you a “Salesforce.com toll” or “Amazon EC2 toll” on your bandwidth.
My friend Ryan Bagnulo, Joyent’s Chief Security Officer, said it best on Twitter, “All packets are not created equally, the free packets are dropped first, welcome to the public cloud.”
Even worse, this gives your ISP license to spy on what your employees do online by opening your network packets to see what’s inside. As former VP of Technology for a vendor in the Deep Packet Inspection space, I’m certain that many ISPs already do this, but it was a questionable practice in some places. Not anymore. And SSL, the default technology for securing web traffic, doesn’t stop some techniques used for this kind of spying.
Now more than ever, it’s time to ensure that enterprises encrypt all public network traffic to the cloud. It’s becoming very apparent that security on the way to the cloud and in the cloud itself will be a major issue for enterprises this year.