Recently we sponsored an interesting Webinar with Black Hat titled ‘A Journey into the Privacy and Security Risks of a Cloud Computing Service’. Speakers were Marco Balduzzi and David Koretz, Mykonos Software, a Juniper Networks company, VP and GM.
Throughout you’ll learn about some cutting edge security research about the risks around deploying cloud services.
Cloud services such as Amazon’s EC2 and IBM SmartCloud allow users to create and share virtual images (AMIs) with other users. In addition to these user-shared images, the cloud providers also provide AMIs that have been preconfigured with popular software such as open source databases and web servers.
This talk explores both the privacy and the security risks associated with renting and using public AMIs from cloud computing providers. We will present SatanCloud, our automated system that we used to analyze and test over 5,000 server images provided by Amazon in its four data centers of US, Europe and Asia. From our analysis, we discovered that both the users and the providers of public AMIs are vulnerable to security risks such as data leakage, unauthorized access, malware infections, and loss of sensitive information. All our findings have been acknowledged by the Amazon’s Web Services Security Team that has already taken steps to properly address them.
To watch the webinar click here.
Marco Balduzzi’s slides are available here.
Mykonos Software’s slides are available here.
