Criminals are using the internet ?!
Pass a law against it, now!
Cloud computing providers came under fire today from security experts who blamed them for giving cyber-criminals the tools to launch attacks more easily, efficiently and anonymously than ever before. Speaking at the fourth InfoSecurity Summit in Hong Kong on Tuesday, SC Leung - a senior consultant at the city-state's Computer …
FFS, this is not news. I've worked on alternative approaches since 2005, and the upshot is that it's more fun as well. The primary problem is that too strict processes kill off the creativity - you as a target become predictable, aka a sitting duck that can be repeatedly shot at. Case in point: anti-virus. The absolute first thing that happens with a zero day is that it is tested on virustotal.com.
At present, most people in IT security are either researchers, or glorified administrators. No surprises there..
As someone else said, think different... The traditional corporate mentality just doesn't work, you become slow and cumbersome while the hackers are not so constrained.
Also cloud isn't the problem, buying services from amazon is not what hackers do anyway because it leaves a paper trail... Instead they will hack boxes, and some of them happen to be hosted at cloud providers. Hackers have always compromised boxes and used them to launch further attacks, the only "cloud" connection is that providers like amazon are prominent and fashionable enough that lots of people with no server management experience want to try it out, so they leave insecure boxes on the internet waiting to be hacked.
...and that is exactly the case.
No self-respecting hackers would buy a service leaving credit card number just so squeeze some CPU power.
I'd say buying en masse cheap hardware and building your own cluster is easier than renting services. Virtually any brute force alike algorithm is embarrassingly parallel, hence it can run on commodity hardware connected via standard LAN.
the developers who work in industry aren't any slower that those that write exploits, its just that those in industry have to worry about whether the 'fix' will break anything. the virus writer doesn't have to care. this doesn't mean that they don't, simply that they don't have to.