The promise of cloud computing is irresistible. For pocket change, you can spin up a server. Backups can be created with a click. No more worries about buying hardware or keeping the server closet cool. Just log in and go.
But what you gain in convenience, you lose in control. And anyone with an ounce of paranoia might start pondering the catch. What’s going on behind the curtain?
Enterprises at first were wary of giving up data and workloads to the cloud for fundamental reasons, including questions around security and privacy. And while early trepidations have given way to an era in which the cloud has become a primary IT strategy, many of those original concerns still hold — and even more have arisen since reliance on the cloud has exploded.
Here are 12 dark security secrets of doing business in the cloud.
The same security holes persist
Cloud instances run the same operating systems as our desktops or standalone servers. If there’s a backdoor in Ubuntu 14 that enables someone to break into the machine in your hardened server room, it’s almost certain that the same backdoor will let someone into your version running in the cloud. The cloud instances we love were designed to be interchangeable with our private hardware and that, alas, also applies to the bugs.
You can’t be too sure you know what you’re getting
When you fired up your cloud machine, you clicked on the Ubuntu 18.04 button or maybe the FreeBSD button. Are you sure you’re running the standard distribution? One friend who has worked at a shared hardware colocation claims his company inserted secret accounts in their distributions and then meddled with the standard UNIX routines for ps and top to ensure their activities were invisible. He said the bugged versions were created with the customer in mind. It was all to make debugging and customer service better. But, though he wouldn’t admit it, the same changes could also be used for nefarious purposes.
Trusting your cloud provider has to be axiomatic. We need to have a rock-solid belief in their incorruptibility. Alas, it’s harder to be certain about all of their employees.
Cloud instances generally come with an extra layer of software sitting under the operating system and it’s completely outside of your control. You may get root access to your OS, but you don’t have any idea what’s going on below. The largely undocumented layer could be used to do anything to your data as it flows through.
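One check a practitioner can run against the worry above, that the ps or top on an instance is not the one the distribution shipped: Debian and Ubuntu record an md5 for every file of every installed package in /var/lib/dpkg/info/<package>.md5sums, and the debsums tool compares those against the files on disk. The script below is an added example, not code from the original article; it parses that same manifest format and reports each file as ok, modified or missing, running against a constructed manifest and a temporary directory so it works offline. The file contents, paths and the tampering are all constructed for the demo.

```python
"""Check files against a dpkg-style md5sums manifest.

Added example (not from the original article). The manifest format is the
one dpkg writes: one line per file, "<md5>  <path relative to />".
"""
import hashlib
import tempfile
from pathlib import Path


def parse_md5sums(text: str) -> dict:
    """Parse 'hash  relative/path' lines into {relative_path: md5}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, _, rel_path = line.partition("  ")
        if len(digest) != 32 or not rel_path:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[rel_path] = digest.lower()
    return entries


def md5_of(path: Path) -> str:
    """Stream the file so large binaries do not need to fit in memory."""
    h = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_manifest(manifest_text: str, root: Path) -> dict:
    """Return {rel_path: 'ok' | 'modified' | 'missing'} for every manifest entry.

    root is the filesystem root the manifest paths are relative to (on a real
    host that is Path('/'); the demo uses a temporary directory).
    """
    results = {}
    for rel_path, expected in parse_md5sums(manifest_text).items():
        target = root / rel_path
        if not target.is_file():
            results[rel_path] = "missing"
        elif md5_of(target) != expected:
            results[rel_path] = "modified"
        else:
            results[rel_path] = "ok"
    return results


def demo() -> dict:
    """Constructed scenario: an untouched ps, a tampered top and a removed free."""
    files = {
        "bin/ps": b"original ps binary\n",
        "bin/top": b"original top binary\n",
        "bin/free": b"original free binary\n",
    }
    # Build the manifest from the pristine contents, as the package would have.
    manifest = "\n".join(
        f"{hashlib.md5(data).hexdigest()}  {p}" for p, data in files.items()
    ) + "\n"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        # Simulate what the article describes: a replaced top, plus a missing file.
        (root / "bin/top").write_bytes(b"tampered top binary\n")
        (root / "bin/free").unlink()
        return verify_manifest(manifest, root)


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:9} {path}")
```

On a real host the manifest comes from the package database rather than being constructed, and the same caveat applies as to debsums: the manifest lives on the same disk as the binaries, so a baseline captured before the instance went into service, or hashes published by the distribution, is what gives the comparison teeth.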
The staff doesn’t work for you
Cloud providers love to tout the extra support and security teams that contribute to the security and stability of their instances. Most companies aren’t big enough to support such dedicated staff and so it’s easy for cloud companies to address problems that smaller companies can’t hope to tackle.
The problem is that this team doesn’t work for your company. They don’t report to you and their futures have little to do with your bottom line. You probably won’t know their names and you may end up communicating with them via faceless trouble tickets — if they write back at all. Maybe that’s all you need. You can cross your fingers and hope.
You have no idea who is on your machines
The great economic advantage of the cloud is that you’re sharing the cost of upkeep and physical maintenance with others. The big limitation is that you lose the power that comes from completely controlling the hardware. You have no clue who is using the same machine. It’s probably some nice church lady who is maintaining a database of parishioners, but it could be a psychopath. Worse, it could be a thief trying to steal your secrets or your money.
Economies of scale cut both ways
The great thing about the cloud is that its massive scale keeps costs down: the cloud companies have racks and racks of identical hardware. That helps keep prices low — but it also leads to a monoculture that makes life simpler for attackers. Finding one hole in one instance can pop open bazillions of instances.
Security trade-offs increase costs
Cloud companies are caught in a quandary. They can defend against attacks that exploit branch prediction by turning branch prediction off, but then everything gets a bit slower. So, do they want to decrease performance? Do we want them to? In the cloud, a slower machine only increases the price.
Companies have differing security needs
You may run a banking operation moving billions of dollars. But that’s not everyone’s business in the cloud. The fact is, one size doesn’t fit all in the security business, but the cloud companies are in a commodity business. Do they aim high and work on supporting the serious applications? Or do they cut corners and deliver a low price to the applications that don’t need to care? There is no right decision because every customer is different, and even within one customer the needs vary. Every microservice inside every app is different.
Everything is opaque
The cloud is essentially a dark pool of computational power and that mystery lulls us into complacency. If we don’t know where our chips might be, the attackers don’t know either. But we’re just crossing our fingers and assuming that attackers can’t find a way to share our machines because we don’t know how the machines are assigned. But what if there is a pattern that can be exploited? What if there’s some secret flaw that can be leveraged to shift the odds dramatically?
Attackers have powers over our resources
A key feature of the cloud is that it automatically adapts to demand. If there’s a spike in requests, the cloud can spin up new versions of your machines. The troublesome thing is that it’s very easy to create fake demand. An attacker can trigger one of your apps to spin up new instances with several thousand quick requests. What if a cloud company powers up new hardware when demand spikes? What if all of the new instances are stuck on this newly powered up hardware? An attacker can request a new instance soon after triggering your cloud to expand and, voila, the odds are much better that everyone will be sharing the same memory space.
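The defensive counterpart to the point above is a scaling policy that does not take raw request volume at face value. The simulation below is an added example, not code from the article or any cloud provider’s autoscaler; it compares a naive policy (instances proportional to requests per second) with a guarded one that caps how many requests any single client may contribute to the demand signal, enforces a hard ceiling on instance count, and refuses a second scale-out inside a cooldown window. The traffic window, client ids and all thresholds are constructed for the demo.

```python
"""Naive versus guarded scale-out decisions over a window of request events.

Added example, not from the original article. Events are (client_id,
timestamp) pairs observed inside one evaluation window.
"""
import math
from collections import Counter


def desired_instances_naive(events, window_s, rps_per_instance):
    """Scale purely on observed request rate: every request counts as demand."""
    rps = len(events) / window_s
    return max(1, math.ceil(rps / rps_per_instance))


def desired_instances_guarded(events, window_s, rps_per_instance, *,
                              per_client_cap, max_instances,
                              current, last_scale_out_ts, now, cooldown_s):
    """Scale on a demand signal that one client cannot dominate.

    per_client_cap   - at most this many requests per client count in a window
    max_instances    - hard ceiling regardless of measured demand
    cooldown_s       - minimum seconds between scale-out actions
    """
    per_client = Counter(client for client, _ in events)
    counted = sum(min(n, per_client_cap) for n in per_client.values())
    rps = counted / window_s
    wanted = min(max(1, math.ceil(rps / rps_per_instance)), max_instances)
    if wanted > current and now - last_scale_out_ts < cooldown_s:
        return current  # scale-out requested too soon after the last one: hold
    return wanted


def demo():
    """Constructed window: one client firing 5000 requests plus 50 ordinary clients."""
    window_s = 10
    burst = [("client-burst", t / 500) for t in range(5000)]
    normal = [(f"client-{i}", float(i % 10)) for i in range(50)]
    events = burst + normal
    naive = desired_instances_naive(events, window_s, rps_per_instance=10)
    guarded = desired_instances_guarded(
        events, window_s, rps_per_instance=10,
        per_client_cap=20, max_instances=8,
        current=1, last_scale_out_ts=0.0, now=300.0, cooldown_s=60,
    )
    return {"naive": naive, "guarded": guarded}


if __name__ == "__main__":
    print(demo())
```

With these numbers the naive policy asks for 51 instances on the strength of a single source, while the guarded policy sees 20 counted requests from the burst plus 50 from everyone else and stays at one instance. The cap is the important piece: a ceiling alone still lets an attacker drive the fleet to its maximum, and a cooldown alone only slows them down.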
Too much cloning
Many cloud architects like the model of using many smaller machines that can be started and stopped as demand rises and falls. It’s not just the cloud companies that are in the commodity business. Simplicity encourages everyone to make the small machines exactly the same and that means duplicating many of the same secrets. If there’s some private key used to sign documents or to log in to a database, all of the cloned instances will have it. That means there are N targets instead of just one, increasing the chance of an attacker landing on the same physical hardware.
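The fix for the cloning problem is to stop putting the secret in the image at all. As an added example, not code from the article, the snippet below contrasts the baked-in pattern (every clone reads the same long-lived key) with a small control plane that issues each instance its own short-lived token bound to its instance id, so one compromised clone can be revoked without touching its siblings and a stolen token dies on its own. The HMAC issuer, instance ids and lifetimes are constructed stand-ins for a real secrets manager or instance-identity service.

```python
"""Shared baked-in key versus per-instance, short-lived credentials.

Added example, not from the original article. The CredentialIssuer is a
constructed stand-in for a cloud secrets manager or instance-identity service.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time


class BakedInImage:
    """Anti-pattern: the same credential is copied into every clone."""
    SHARED_DB_KEY = "constructed-shared-key"  # identical bytes in all N instances

    def credential_for(self, instance_id):
        return self.SHARED_DB_KEY  # instance_id is irrelevant; one leak exposes all


class CredentialIssuer:
    """Issues per-instance tokens with an expiry and supports per-instance revocation."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # held by the control plane only
        self._revoked = set()

    def issue(self, instance_id, ttl_s, now=None):
        now = time.time() if now is None else now
        body = {"sub": instance_id, "exp": now + ttl_s, "nonce": secrets.token_hex(8)}
        payload = base64.urlsafe_b64encode(
            json.dumps(body, sort_keys=True).encode()
        ).decode().rstrip("=")
        sig = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}.{sig}"

    def revoke(self, instance_id):
        """Cut off one instance; every other instance's token keeps working."""
        self._revoked.add(instance_id)

    def verify(self, token, now=None):
        """Return the instance id the token is bound to, or None if it is not valid."""
        now = time.time() if now is None else now
        try:
            payload, sig = token.split(".")
        except ValueError:
            return None
        expected = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return None
        padded = payload + "=" * (-len(payload) % 4)
        body = json.loads(base64.urlsafe_b64decode(padded))
        if body["exp"] <= now or body["sub"] in self._revoked:
            return None
        return body["sub"]


def blast_radius_demo():
    """Constructed fleet of three clones; instance i-1 is assumed compromised."""
    fleet = ["i-1", "i-2", "i-3"]
    image = BakedInImage()
    leaked = image.credential_for("i-1")
    baked_exposed = sum(1 for i in fleet if image.credential_for(i) == leaked)

    issuer = CredentialIssuer()
    tokens = {i: issuer.issue(i, ttl_s=300, now=1000.0) for i in fleet}
    issuer.revoke("i-1")
    still_valid = sum(1 for i in fleet if issuer.verify(tokens[i], now=1100.0) == i)
    return {"baked_in_exposed": baked_exposed, "per_instance_still_valid": still_valid}


if __name__ == "__main__":
    print(blast_radius_demo())
```

The number of targets is still N, as the article says, but what each target holds is now worth far less: a credential usable by one instance for a few minutes rather than a key that unlocks the whole fleet for as long as the image lives.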
The odds may be less in our favor than we think
The attacks aren’t hypothetical, but the odds can be long. They’re not easy to execute. The big advantage of cloud security is that it’s one big dark pool of computational power. How can an attacker wrangle a way onto our particular bag of chips? What are the odds that a bad actor will inhabit the same memory space? Can the attacker ever find us? It’s easy to be lulled into a sense of security by the long odds. But can we know?