Who's cleaning up after you in the IaaS cloud? Perhaps nobody is, and that means your data is at risk.
Here's the problem: You have a need for some temporary computing capacity, so you surf over to your favorite provider of IaaS. A few mouse-clicks and you've got yourself some virtual machines and a few hundred gigs of storage capacity. You do your thing with this infrastructure, whatever that is, loading it up with an app and a database full of records and going to town.
And when you're done, you dismiss the capacity and off it goes, back into the IaaS pool, waiting for the next customer. And you feel secure in all this, as your code and your data are as good as gone, nothing left behind or visible to the next person who gets provisioned those machines.
Or maybe not. A London-based outfit called Context Information Security has just published information about an investigation into what it calls "dirty disks" up in the cloud. It seems that IaaS customers may unknowingly leave behind data that, conceivably, bad actors could use to take control of others' hosted servers. At certain IaaS providers, Context found "fragments of customer databases and other elements of system information that could, in combination with other data," enable damaging attacks.
The problem, as Context describes it, stems from the service providers not doing a sufficient job of "securely separating virtual servers or nodes through shared hard disk and network resources. [...] if virtual machines are not sufficiently isolated or a mistake is made somewhere in the provisioning or de-provisioning process, then leakage of data might occur between servers."
Now, the issue of cloud security has always struck me as somewhat overblown. Sure, the cloud involves a new constellation of technologies, but each of those is fairly well-understood. Build something new out of them and you might run into some problems. But by and large, I figure that much of the discussion around security in the cloud has been a matter of FUD -- fear, uncertainty, and doubt purposely fueled by certain suppliers that would rather see customers stay grounded for a while longer.
But perhaps I am wrong. Context has found a real potential leak that could be the stuff of nightmares for security officials.
Not that this proves there's anything intrinsically insecure about the cloud.
The flaw: ourselves
The flaw is less in hardware or software than in the service providers' management of their infrastructure. Indeed, as soon as Context notified the providers of the problem, those companies scrambled to fix things. The risk arises wherever multiple customers share storage that gives their virtual machines direct block-level access to the same physical disk.
States a company press release: "The vulnerability itself is due to the way in which some providers automatically provision new virtual servers, initialise operating systems and allocate new storage space. For performance reasons or due to errors, security measures to provide separation between different nodes on a multi-user platform sometimes are not implemented, making it possible to read areas of other virtual disks and so gain access to data which exists on the physical storage provider."
The solution, it seems, is easy and perhaps even obvious: The provider just needs to make sure it zeroes out memory and storage capacity before allocating it to another customer. In the meantime, Context urges customers to make a point of encrypting sensitive data, actively wiping disks when de-provisioning them, and checking in with their IaaS providers to make sure they, too, are aware of the problem and have taken measures to protect against it.
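The two customer-side measures above (checking a freshly provisioned volume for residue and zeroing a volume before handing it back) are simple enough to script. The following is an added example, not code from the article or from Context Information Security: it scans a volume in 4 KiB blocks, counts blocks that contain anything other than zeros, and zeroes the volume with `dd`. The device path and the sample "dirty" image it builds are constructed for illustration; on a real instance you would point it at the attached block device instead.

```shell
#!/bin/sh
# Added example (not from the article or Context's report). Two checks an
# IaaS customer can run: scan a newly provisioned volume for residual data,
# and zero a volume before de-provisioning it. The sample image built by
# make_sample_image is constructed; a real run targets a device such as
# /dev/vdb (hypothetical path) rather than a file.
set -eu

BLOCK=4096

# Size of the device or file in 4 KiB blocks (wc reads a block device to EOF).
block_count() {
    bytes=$(( $(wc -c < "$1") ))
    echo $(( bytes / BLOCK ))
}

# Count 4 KiB blocks holding at least one non-zero byte. Storage a provider
# zeroed before reuse reports 0; anything else is residue from an earlier
# tenant and worth raising with the provider before the volume is trusted.
count_dirty_blocks() {
    dev="$1"
    total=$(block_count "$dev")
    dirty=0
    i=0
    while [ "$i" -lt "$total" ]; do
        nonzero=$(( $(dd if="$dev" bs="$BLOCK" skip="$i" count=1 2>/dev/null \
                      | tr -d '\000' | wc -c) ))
        if [ "$nonzero" -gt 0 ]; then
            dirty=$(( dirty + 1 ))
        fi
        i=$(( i + 1 ))
    done
    echo "$dirty"
}

# Overwrite the whole volume with zeros before giving it back, so nothing
# readable is left for the next tenant. On a real block device with discard
# support, `blkdiscard -z` is faster; dd is the portable fallback. The final
# sync matters: the zeros must actually reach the disk before detaching.
wipe_volume() {
    dev="$1"
    total=$(block_count "$dev")
    dd if=/dev/zero of="$dev" bs="$BLOCK" count="$total" conv=notrunc 2>/dev/null
    sync
}

# Constructed sample: an 8-block "volume" in which blocks 2 and 5 still hold
# a previous tenant's data (fake database fragments); all other blocks are zero.
make_sample_image() {
    img="$1"
    dd if=/dev/zero of="$img" bs="$BLOCK" count=8 2>/dev/null
    printf 'INSERT INTO customers VALUES (1,"alice","not-a-real-secret")' |
        dd of="$img" bs="$BLOCK" seek=2 conv=notrunc 2>/dev/null
    printf 'CREATE TABLE api_keys (key TEXT)' |
        dd of="$img" bs="$BLOCK" seek=5 conv=notrunc 2>/dev/null
}

# Demo on the constructed image; a real run would use the attached device.
IMG=$(mktemp)
make_sample_image "$IMG"
echo "dirty blocks before wipe: $(count_dirty_blocks "$IMG")"   # prints 2
wipe_volume "$IMG"
echo "dirty blocks after wipe:  $(count_dirty_blocks "$IMG")"   # prints 0
rm -f "$IMG"
```

The scan is deliberately coarse: it only tells you whether a volume arrived non-blank, which is the signal Context's findings turn on. Zeroing with `dd` is a best-effort customer-side control; it does not reach copies the provider may hold in snapshots or replicas, which is why the article's other advice, encrypting sensitive data before it lands on the disk, still applies.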