Welcome!

Server Monitoring Authors: Carmen Gonzalez, AppDynamics Blog, Yeshim Deniz, Liz McMillan, Pat Romanski

Related Topics: Server Monitoring, @CloudExpo

Server Monitoring: Blog Feed Post

Balancing Privacy with Security in Cloud Computing

Amazon Response to Botnet Incident

An e-mail exchange with Kay Kinton, a spokesperson for Amazon, on the subject of Amazon and its recent run-in with the Zeus botnet controller, raised two very interesting and valid points. First, there is a fine balance that must be maintained by providers – cloud or traditional hosting – regarding the privacy of applications and data deployed by customers and monitoring/security. Second, Kay points out that it’s easier in the EC2 environment, at least, to disable botnets once they are discovered.

The second point is one that appears on the surface to be true but I’m not entirely convinced. A cloud provider has complete control over its environment (even if you don’t, making this somewhat of a double-edged sword) and thus they can act immediately to terminate the offending application. True. But in any environment in which you have physical or management network access to an offending application/system it should be easy to terminate an offending application. Perhaps more important about this point is that a cloud computing provider can prevent the launch of another offending application, but again – I’m not sure it’s any easier or more difficult in a cloud computing environment than it would be in a traditional hosting or data center environment.

Now the first point is a bit more subtle and definitely deserves some attention as it potentially pits one customer’s privacy against one (or more) other customers’ security and raises some interesting questions regarding how deeply in the sand such a line should be drawn in a cloud computing environment.

Here is Kay’s complete response clarifying several points regarding the recent incident and subsequent coverage:

blockquote There have been numerous reports of this finding as well as speculation as to what this means to EC2 security so we appreciate the opportunity to clarify for your readers. Reports have stated that this software was run after a website in EC2 was compromised. While isolating the abusive instance, we found no evidence of a compromised website.

We were able to locate a Zeus botnet controller and promptly shut it down. We take all claims of misuse of our services very seriously and investigate each one. When we find misuse, we take action quickly and shut it down. Our terms of usage are clear and we continually monitor and work to make sure the services aren’t used for illegal activity. It’s important to note that we take the privacy of our customers very seriously, and don’t inspect the contents of instances. This is part of the reason that legitimate customers of all types are comfortable running production applications on Amazon EC2. However, when abuse is detected, we are able to act swiftly to isolate the abusive behavior.

In general, users of Amazon EC2 use the same precautions to secure and protect their websites as they do with traditional hosting solutions. It is no easier for would-be abusers to compromise EC2 based websites than other publicly available websites.

Finally, many articles have asserted that services like Amazon EC2 will be useful tools for would-be abusers. Abusers who choose to run their software in an environment like Amazon EC2, make it easier for us to access and disable their software. This is a significant improvement over the Internet as a whole where abusive hosts can be inaccessible and run unabated for long periods of time. We will continue to improve our abuse detection and response. We also encourage our community to report suspected misuse of Amazon EC2 to [email protected].

The question this raised for me was: at what point does – or should – a provider cross the privacy line in the interests of security? In a shared resource environment, where a botnet / controller / malicious software may be impacting the availability and security of other applications, which is more important to the customers: privacy or security?

The answer may be different depending on your location and by what laws you are ultimately governed, and one could argue that privacy is a subset of security (and some would argue just the opposite) but I can’t imagine anyone would argue that a customer’s privacy should be violated on the premise that the provider is simply “looking for” a violation of its terms of service. As Amazon notes, once a violation – such as using “the cloud” as a means to launch an attack or control an attack on an application – has been discovered, i.e. it is known to be running, it is completely within their rights – and ability – to terminate the offending application. But until it is detected, when the provider is simply monitoring for the existence of such a violation, the “rights” of the provider to secure the environment may clash with the “rights” of the customer to privacy. climbing-ladderBut that may clash with the rights of other customers who may be sharing the same network and thus could see their application adversely affected by the existence of malware that hasn’t yet been detected.


CAUGHT BETWEEN A ROCK and a HARD PLACE

Because providers must balance privacy against the security of its customers (and its own, as well) applications and networks, its only real option is to monitor the environment for tell-tale signs of an infected and/or malicious instance. That means primarily watching for specific patterns of traffic on the network and identifying those that appear to be indicators of viruses, worms, and botnets. In some cases that means sudden spikes in traffic, for others it means slow, gradual increases over time. For some it means specific types of traffic – UDP, TCP – and for others it means attempts to connect to sites known to host malware or parts of existing botnets. In some cases, specifically when the malware is new and unknown, the only way the provider will know for sure what’s going on is for it to be reported to them. They may see suspicious patterns in traffic and types of traffic that lead them to make an inquiry, but based on Kay’s note regarding privacy and customer data/applications, it won’t dig too deeply in order to preserve the privacy its customers value unless it’s pretty sure it knows what’s going on. Given the length of time that some instances of malware have rattled around in popular social networking sites, the speed with which Amazon was able to isolate and remediate the situation involving the Zeus botnet controller is an indicator that Amazon’s assertion that they are “able to act swiftly to isolate the abusive behavior” certainly rings true.

 

Amazon’s response is fairly clear and it appears that in many cases it – and other cloud providers as well – are caught between a rock and a hard place. There still seems to be room for “enterprise-class” clouds as a means to try to avoid the possibility of an infected/malicious application so casually deployed via credit-cards wreaking havoc in the first place, though at a minimum this response provides insight into the reasons why reality is the way it is for public cloud computing environments. As always, the risk of such an occurrence needs to be weighed against the benefits, and it’s surely the case that many organizations will find the scales tipped heavily on the side of the benefits.

Follow me on Twitter    View Lori's profile on SlideShare  friendfeed icon_facebook

AddThis Feed Button Bookmark and Share

Related blogs & articles:

Read the original blog entry...

More Stories By Lori MacVittie

Lori MacVittie is responsible for education and evangelism of application services available across F5’s entire product suite. Her role includes authorship of technical materials and participation in a number of community-based forums and industry standards organizations, among other efforts. MacVittie has extensive programming experience as an application architect, as well as network and systems development and administration expertise. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she conducted product research and evaluation focused on integration with application and network architectures, and authored articles on a variety of topics aimed at IT professionals. Her most recent area of focus included SOA-related products and architectures. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University.

IoT & Smart Cities Stories
The platform combines the strengths of Singtel's extensive, intelligent network capabilities with Microsoft's cloud expertise to create a unique solution that sets new standards for IoT applications," said Mr Diomedes Kastanis, Head of IoT at Singtel. "Our solution provides speed, transparency and flexibility, paving the way for a more pervasive use of IoT to accelerate enterprises' digitalisation efforts. AI-powered intelligent connectivity over Microsoft Azure will be the fastest connected pat...
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Druva is the global leader in Cloud Data Protection and Management, delivering the industry's first data management-as-a-service solution that aggregates data from endpoints, servers and cloud applications and leverages the public cloud to offer a single pane of glass to enable data protection, governance and intelligence-dramatically increasing the availability and visibility of business critical information, while reducing the risk, cost and complexity of managing and protecting it. Druva's...
BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for five years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe.
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
DSR is a supplier of project management, consultancy services and IT solutions that increase effectiveness of a company's operations in the production sector. The company combines in-depth knowledge of international companies with expert knowledge utilising IT tools that support manufacturing and distribution processes. DSR ensures optimization and integration of internal processes which is necessary for companies to grow rapidly. The rapid growth is possible thanks, to specialized services an...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...