Shared Technology Issues:
IaaS vendors deliver their services in a scalable way by sharing infrastructure. Often, the underlying components that make up this infrastructure (e.g., CPU caches, GPUs, etc.) were not designed to offer strong isolation properties for a multi-tenant architecture. To address this gap, a virtualization hypervisor mediates access between guest operating systems and the physical compute resources. Still, even hypervisors have exhibited flaws that have enabled guest operating systems to gain inappropriate levels of control or influence on the underlying platform. A defense in depth strategy is recommended, and should include compute, storage, and network security enforcement and monitoring. Strong compartmentalization should be employed to ensure that individual customers do not impact the operations of other tenants running on the same cloud provider. Customers should not have access to any other tenant’s actual or residual data, network traffic, etc.
Examples:
- Joanna Rutkowska’s Red and Blue Pill exploits.
- Kortchinsky’s CloudBurst presentations.
Remediation:
- Implement security best practices for installation/configuration.
- Monitor environment for unauthorized changes/activity.
- Promote strong authentication and access control for administrative access and operations.
- Enforce service level agreements for patching and vulnerability remediation.
- Conduct vulnerability scanning and configuration audits.
Cloud customers need assurance that providers are following sound security practices in mitigating the risks facing both the customer and the provider (e.g., DDoS attacks). They need this in order to make sound business decisions and to maintain or obtain security certifications.
Our Cloud Security Assessments provide means for customers to:
1. assess the risk of adopting cloud services;
2. compare different cloud provider offerings;
3. obtain assurance from selected cloud providers;
4. reduce the assurance burden on cloud providers;
5. select and deploy the security monitoring tools needed and customize the flow analysis features available on routers.
Our Cloud Security Assessment evaluation will cover all aspects of security requirements.
For a complete Cloud Security Assessment and Penetration Testing for an existing configuration please select: