Is Your Cloud Provider Exposing Remnants of Your Data?
Security researchers report that incorrectly configured hypervisors can lead to a separation of data issue in multi-tenant environments that can expose data remnants. However, you can prevent hosting your data on 'dirty disks.'
Thu, May 10, 2012
CIO — If your organization uses a multi-tenant managed hosting service or Infrastructure as a Service (IaaS) cloud for some or all of your data, and you aren't following best practices by encrypting that data, you may be inadvertently exposing it.
Last year, information security consultancy Context Information Security was tasked by a number of its clients, mostly banks and other high-end clients with serious security concerns, to determine whether the cloud was safe enough for their computing needs.
Context studied four providers: Amazon, Rackspace, VPS.net and GigeNET Cloud. And in two of the four providers, and potentially many others, it found a security vulnerability that allowed it to access remnant data left by other customers.
"We were looking at the unallocated portions of the disk," says Michael Jordan, manager of research and development at Context. "We were able to look through it and started to see there was data in there. That data was hard disk data and it wasn't our hard disk data."
Data Remnants Included Personally Identifiable Information
The data Jordan and his team discovered included some personally identifiable information, including parts of customer databases and elements of system information, such as Linux shadow files (containing the system's password hashes).
Jordan notes that the information wouldn't be evident to the typical user of cloud servers and would have to be sought. Moreover, he adds, the remnant data was randomly distributed and would not allow a malicious user to target a specific customer. But a malicious user who discovers it could harvest whatever unencrypted data it does contain.
"After examining a brand new provisioned disk on one of the providers, some interesting and unexpected content was discovered," Jordan and James Forshaw, principal consultant at Context, wrote in a blog post about their discovery. "There were references to an install of WordPress and a MySQL configuration, even though the virtual server had neither installed.
"Expecting it to be perhaps just a 'dirty' OS image, a second virtual server was created and tested in the same way. Surprisingly, the data was completely different, in this case exposing fragments of a Website's customer database and of Apache logs which identified the server the data was coming from. This confirmed the data was not from our provisioned server."
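A tenant can run a similar check on its own storage before trusting it. The script below is an added example, not code from Context or any provider: it scans a raw, not-yet-formatted volume or disk image and reports blocks that are not zero-filled. The function names, the 4096-byte block size and the expectation that a blank volume reads back as all zeros are assumptions made for this example.

```python
"""Acceptance check for a newly provisioned, still-blank volume (added example)."""
import sys

BLOCK_SIZE = 4096  # assumed scan granularity, not a value from the article


def scan_for_remnants(path, start=0, length=None, block_size=BLOCK_SIZE, max_report=10):
    """Scan [start, start+length) of a raw image or block device.

    Returns (blocks_scanned, nonzero_blocks, first_offsets), where first_offsets
    holds the byte offsets of up to max_report blocks that contain non-zero data.
    Only counts and offsets are reported; block contents are never printed.
    """
    scanned = nonzero = 0
    offsets = []
    remaining = length
    with open(path, "rb") as dev:
        dev.seek(start)
        offset = start
        while remaining is None or remaining > 0:
            want = block_size if remaining is None else min(block_size, remaining)
            chunk = dev.read(want)
            if not chunk:
                break  # end of device or image
            scanned += 1
            if chunk.count(0) != len(chunk):  # at least one non-zero byte
                nonzero += 1
                if len(offsets) < max_report:
                    offsets.append(offset)
            offset += len(chunk)
            if remaining is not None:
                remaining -= len(chunk)
    return scanned, nonzero, offsets


def is_clean(path, **kwargs):
    """True only if every scanned block is zero-filled."""
    return scan_for_remnants(path, **kwargs)[1] == 0


if __name__ == "__main__":
    # Usage: python check_volume.py /path/to/image-or-device
    scanned, nonzero, offsets = scan_for_remnants(sys.argv[1])
    print(f"scanned {scanned} blocks, {nonzero} contain non-zero data")
    for off in offsets:
        print(f"  non-zero block at byte offset {off}")
    sys.exit(1 if nonzero else 0)
```

Run it before creating a filesystem or writing anything to the volume, since an installed OS image or partition table is itself non-zero data. A non-zero exit status on a volume that should be blank is a reason to raise the matter with the provider before storing data there.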
Incorrectly Configured Hypervisors to Blame
The issue, Jordan says, was with the way the providers provisioned new virtual servers and how they allocated new storage space. On the front end, when clients create new virtual servers, they use the provider's website to select the operating system and amount of storage they require.