If companies are still reluctant to go to cloud computing, it would be fear of security risks in some case. But at the present, according to German researchers, some of the security risks associated with cloud services would be none other than the fact … of the customers themselves.
According to Trend Micro, 43% of IT decision makers have experienced a security problem with a cloud service provider in the last 12 months. To get this figure, the publisher polled 1,200 IT decision makers around the world – including in the UK and Germany, but none in France. And among the surveyed, 10% already operate Cloud services in production; 50% are in pilot or deployment phase.
According to the survey presented by Trend Micro, the main obstacle to the adoption of cloud computing is the security of supplier infrastructures and data (for 50% of respondents). But who is really responsible for the insecurity of Cloud Computing? According to Trend Micro, 85% of respondents using cloud services encrypt their data before handing it over to their provider. Which would tend to clear them.
Scientists at the Center for Advanced Security (CASED) in the Research Department of the Technical University Darmstadt do not seem to share this point of view. According to them, users of cloud services are to blame.
Many vulnerable virtual machines in Amazon’s cloud
These scientists have developed a freely downloadable tool for scanning images of virtual machines for the Amazon cloud (AMI, Amazon Machine Image) and looking for vulnerabilities. As a result, out of more than 1,000 publicly accessible images, 30% have vulnerabilities that can be exploited to compromise Web services or virtual infrastructures.
For Cased scientists, “While security experts have focused primarily on cloud infrastructure and provider security, it appears in practice that threats created by cloud services customers when building their services are still under threat. -stimated if not ignored “. In fact, for these researchers, the main source of the vulnerabilities identified on 30% of publicly accessible AMI images is how Amazon’s customers manipulate and deploy the AMIs, “with little attention or in a way to do errors “. Specifically, researchers question the failure to comply with Amazon’s security recommendations – yet detailed.
In a statement, they said that the managed to “extract critical data such as passwords, encryption keys and so on…” virtual machines studied. According to Professor Admad-Reza Sadeghi, who headed the Cased of the research group, it is so clear. Affected customers have been informed identified vulnerabilities.