Security Researchers Hack AWS Virtual Machines

A group of security researchers say that they can extract information from an Amazon Web Services virtual machine by probing the cache of a CPU it shares with other VMs in the cloud.  While largely theoretical, the research shows why many organisations are willing to pay for dedicated instances in the cloud, and points to potential security issues in multi-tenant environments. Javvad Malik, Security Advocate at AlienVault commented below. 

Javvad Malik, Security Advocate at AlienVault:

Javvad Malik“When you use the cloud, you’re essentially putting control of your data and infrastructure into the hands of a third-party. Should an issue emerge on their side of the fence, there’s very little you can do about it. Despite this, however, our recent survey results suggest that a significant number of people do trust the cloud-based services they use and feel confident in their ability to detect threats in the cloud.

“But it’s not all sunshine and roses. When improperly used and managed, the cloud has the potential to pose a serious security risk to enterprises, and these risks are barely understood by most organizations, and are often not considered at all.”

Additional information

AlienVault’s latest RSA report shows that many IT professionals are still struggling to monitor the cloud effectively, and no wonder, considering:

  • 39% of respondents use more than 10 different cloud services within their organization
  • An additional 21% don’t know how many cloud applications are being used.
  • 40% of IT teams say they aren’t consulted before a cloud platform is deployed
  • 42% say that a lack of visibility into the cloud is a significant concern.

The survey also asked participants what concerned them most about cloud security. Malware was rated as the highest concern, with 47% worrying about it, and 21% were worried about the cloud-based services they are using producing “too many logs” – which points to potential problems around auditing cloud environments in the event of an incident.

A press release about the survey is available here: https://www.alienvault.com/who-we-are/press-releases/research-reveals-major-disconnect-between-beliefs-and-actions-when-it-comes-to-cloud-security-iot