|By Lori MacVittie||
|December 19, 2009 11:00 PM EST||
An e-mail exchange with Kay Kinton, a spokesperson for Amazon, on the subject of Amazon and its recent run-in with the Zeus botnet controller, raised two very interesting and valid points. First, there is a fine balance that must be maintained by providers – cloud or traditional hosting – regarding the privacy of applications and data deployed by customers and monitoring/security. Second, Kay points out that it’s easier in the EC2 environment, at least, to disable botnets once they are discovered.
The second point is one that appears on the surface to be true but I’m not entirely convinced. A cloud provider has complete control over its environment (even if you don’t, making this somewhat of a double-edged sword) and thus they can act immediately to terminate the offending application. True. But in any environment in which you have physical or management network access to an offending application/system it should be easy to terminate an offending application. Perhaps more important about this point is that a cloud computing provider can prevent the launch of another offending application, but again – I’m not sure it’s any easier or more difficult in a cloud computing environment than it would be in a traditional hosting or data center environment.
Now the first point is a bit more subtle and definitely deserves some attention as it potentially pits one customer’s privacy against one (or more) other customers’ security and raises some interesting questions regarding how deeply in the sand such a line should be drawn in a cloud computing environment.
Here is Kay’s complete response clarifying several points regarding the recent incident and subsequent coverage:
There have been numerous reports of this finding as well as speculation as to what this means to EC2 security so we appreciate the opportunity to clarify for your readers. Reports have stated that this software was run after a website in EC2 was compromised. While isolating the abusive instance, we found no evidence of a compromised website.
We were able to locate a Zeus botnet controller and promptly shut it down. We take all claims of misuse of our services very seriously and investigate each one. When we find misuse, we take action quickly and shut it down. Our terms of usage are clear and we continually monitor and work to make sure the services aren’t used for illegal activity. It’s important to note that we take the privacy of our customers very seriously, and don’t inspect the contents of instances. This is part of the reason that legitimate customers of all types are comfortable running production applications on Amazon EC2. However, when abuse is detected, we are able to act swiftly to isolate the abusive behavior.
In general, users of Amazon EC2 use the same precautions to secure and protect their websites as they do with traditional hosting solutions. It is no easier for would-be abusers to compromise EC2 based websites than other publicly available websites.
Finally, many articles have asserted that services like Amazon EC2 will be useful tools for would-be abusers. Abusers who choose to run their software in an environment like Amazon EC2, make it easier for us to access and disable their software. This is a significant improvement over the Internet as a whole where abusive hosts can be inaccessible and run unabated for long periods of time. We will continue to improve our abuse detection and response. We also encourage our community to report suspected misuse of Amazon EC2 to [email protected].
The question this raised for me was: at what point does – or should – a provider cross the privacy line in the interests of security? In a shared resource environment, where a botnet / controller / malicious software may be impacting the availability and security of other applications, which is more important to the customers: privacy or security?
The answer may be different depending on your location and by what laws you are ultimately governed, and one could argue that privacy is a subset of security (and some would argue just the opposite) but I can’t imagine anyone would argue that a customer’s privacy should be violated on the premise that the provider is simply “looking for” a violation of its terms of service. As Amazon notes, once a violation – such as using “the cloud” as a means to launch an attack or control an attack on an application – has been discovered, i.e. it is known to be running, it is completely within their rights – and ability – to terminate the offending application. But until it is detected, when the provider is simply monitoring for the existence of such a violation, the “rights” of the provider to secure the environment may clash with the “rights” of the customer to privacy. But that may clash with the rights of other customers who may be sharing the same network and thus could see their application adversely affected by the existence of malware that hasn’t yet been detected.
Because providers must balance privacy against the security of its customers (and its own, as well) applications and networks, its only real option is to monitor the environment for tell-tale signs of an infected and/or malicious instance. That means primarily watching for specific patterns of traffic on the network and identifying those that appear to be indicators of viruses, worms, and botnets. In some cases that means sudden spikes in traffic, for others it means slow, gradual increases over time. For some it means specific types of traffic – UDP, TCP – and for others it means attempts to connect to sites known to host malware or parts of existing botnets. In some cases, specifically when the malware is new and unknown, the only way the provider will know for sure what’s going on is for it to be reported to them. They may see suspicious patterns in traffic and types of traffic that lead them to make an inquiry, but based on Kay’s note regarding privacy and customer data/applications, it won’t dig too deeply in order to preserve the privacy its customers value unless it’s pretty sure it knows what’s going on. Given the length of time that some instances of malware have rattled around in popular social networking sites, the speed with which Amazon was able to isolate and remediate the situation involving the Zeus botnet controller is an indicator that Amazon’s assertion that they are “able to act swiftly to isolate the abusive behavior” certainly rings true.
Amazon’s response is fairly clear and it appears that in many cases it – and other cloud providers as well – are caught between a rock and a hard place. There still seems to be room for “enterprise-class” clouds as a means to try to avoid the possibility of an infected/malicious application so casually deployed via credit-cards wreaking havoc in the first place, though at a minimum this response provides insight into the reasons why reality is the way it is for public cloud computing environments. As always, the risk of such an occurrence needs to be weighed against the benefits, and it’s surely the case that many organizations will find the scales tipped heavily on the side of the benefits.
Related blogs & articles:
- Botnets, Worms, and “Open” Clouds: Can Enterprise-Class Clouds Be Far Behind?
- Putting a Price on Uptime
- Amazon Elastic Load Balancing Only Simple On the Outside
- Virtual Private Cloud (VPC) Makes Internal Cloud bursting Reality
- The Virtual Public-Private Cloud Connection
- Amazon Compliance Confession About Customers, Not Itself
- Securing the Other Side of the Cloud
- Control, choice, and cost: The Conflict in the Cloud
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, will discuss some of the security challenges of the IoT infrastructure and relate how these aspects impact Smart Living. The material will be delivered i...
Mar. 26, 2017 09:45 PM EDT Reads: 2,027
Apache Hadoop is emerging as a distributed platform for handling large and fast incoming streams of data. Predictive maintenance, supply chain optimization, and Internet-of-Things analysis are examples where Hadoop provides the scalable storage, processing, and analytics platform to gain meaningful insights from granular data that is typically only valuable from a large-scale, aggregate view. One architecture useful for capturing and analyzing streaming data is the Lambda Architecture, represent...
Mar. 26, 2017 08:30 PM EDT Reads: 6,097
As organizations realize the scope of the Internet of Things, gaining key insights from Big Data, through the use of advanced analytics, becomes crucial. However, IoT also creates the need for petabyte scale storage of data from millions of devices. A new type of Storage is required which seamlessly integrates robust data analytics with massive scale. These storage systems will act as “smart systems” provide in-place analytics that speed discovery and enable businesses to quickly derive meaningf...
Mar. 26, 2017 07:45 PM EDT Reads: 9,578
Your homes and cars can be automated and self-serviced. Why can't your storage? From simply asking questions to analyze and troubleshoot your infrastructure, to provisioning storage with snapshots, recovery and replication, your wildest sci-fi dream has come true. In his session at @DevOpsSummit at 20th Cloud Expo, Dan Florea, Director of Product Management at Tintri, will provide a ChatOps demo where you can talk to your storage and manage it from anywhere, through Slack and similar services ...
Mar. 26, 2017 06:45 PM EDT Reads: 4,245
SYS-CON Events announced today that Ocean9will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Ocean9 provides cloud services for Backup, Disaster Recovery (DRaaS) and instant Innovation, and redefines enterprise infrastructure with its cloud native subscription offerings for mission critical SAP workloads.
Mar. 26, 2017 06:30 PM EDT Reads: 2,034
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, will posit that disruption is inevitable for c...
Mar. 26, 2017 05:00 PM EDT Reads: 2,121
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
Mar. 26, 2017 02:30 PM EDT Reads: 1,762
SYS-CON Events announced today that Conference Guru has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organizers to pass great dea...
Mar. 26, 2017 02:15 PM EDT Reads: 4,367
SYS-CON Events announced today that Technologic Systems Inc., an embedded systems solutions company, will exhibit at SYS-CON's @ThingsExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Technologic Systems is an embedded systems company with headquarters in Fountain Hills, Arizona. They have been in business for 32 years, helping more than 8,000 OEM customers and building over a hundred COTS products that have never been discontinued. Technologic Systems’ pr...
Mar. 26, 2017 02:00 PM EDT Reads: 3,384
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
Mar. 26, 2017 01:45 PM EDT Reads: 1,833
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
Mar. 26, 2017 01:45 PM EDT Reads: 8,503
SYS-CON Events announced today that Telecom Reseller has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
Mar. 26, 2017 01:15 PM EDT Reads: 2,122
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
Mar. 26, 2017 12:45 PM EDT Reads: 1,314
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
Mar. 26, 2017 12:30 PM EDT Reads: 1,124
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
Mar. 26, 2017 11:00 AM EDT Reads: 2,206
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), will provide an overview of various initiatives to certifiy the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldw...
Mar. 26, 2017 10:45 AM EDT Reads: 632
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
Mar. 26, 2017 10:15 AM EDT Reads: 3,015
SYS-CON Events announced today that SD Times | BZ Media has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. BZ Media LLC is a high-tech media company that produces technical conferences and expositions, and publishes a magazine, newsletters and websites in the software development, SharePoint, mobile development and commercial UAV markets.
Mar. 26, 2017 09:30 AM EDT Reads: 4,305
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
Mar. 26, 2017 09:15 AM EDT Reads: 1,964
Now that the world has connected “things,” we need to build these devices as truly intelligent in order to create instantaneous and precise results. This means you have to do as much of the processing at the point of entry as you can: at the edge. The killer use cases for IoT are becoming manifest through AI engines on edge devices. An autonomous car has this dual edge/cloud analytics model, producing precise, real-time results. In his session at @ThingsExpo, John Crupi, Vice President and Eng...
Mar. 26, 2017 09:00 AM EDT Reads: 3,888