What do you make out of recent reports claiming vulnerabilities in Amazon's AMI?

SilverHawk

I've seen a couple of articles claiming that there are security vulnerabilities and backdoors. Clearly security is one major concern companies have with moving to a public cloud model. Amazon is such a huge player and has a pretty decent security history. Are these concerns about AMI well founded or bogus?


Answers

2 total
nbetolli
Vote Up (5)

I looked at one of the articles making these claims earlier this week, and to use your term, I think they are booooogus! It looks like most of the issues arise from people not following security best practices. If you leave passwords and sensitive information "laying around" unsecured and unencrypted and someone takes advantage of it, I don't see how that is Amazon's fault. I have seen so many instances of guidelines and procedures not being followed at companies large and small that I am not really surprised that some people are sloppy when they should be more cautious.

jimlynch
Vote Up (8)

Hi SilverHawk,

GigaOm had an article about it and seemed to feel it was overblown, according to certain experts.

Amazon AMI vulnerabilities overblown, experts say
http://gigaom.com/cloud/amazon-ami-vulnerabilities-overblown-experts-say/

"Stories about potential security vulnerabilities strike a chord as more companies consider moving more of their IT workloads to public cloud infrastructure run by Amazon, Rackspace and others.

Security experts said this is more of a people problem than a technology issue in that some people deploying AMIs leave passwords, SSH keys and other data that should be locked away, unattended. That flies in the face of Amazon’s recommended practices and makes AMIs vulnerable to hackers.

The message from security experts was clear: Stupid users get what they deserve."
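
An added example, not part of the original thread and not Amazon's tooling: a Python check that an image publisher could run against a mounted image root to list the leftovers the quoted article names (passwords, SSH keys, other credentials) before sharing an AMI. The function names, the history-file list and the patterns are assumptions of this example, and it assumes the process can read every file under the root.

```python
import os
import re
import tempfile

HISTORY_NAMES = {".bash_history", ".zsh_history", ".mysql_history"}  # assumed list
PRIVATE_KEY_RE = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )?PRIVATE KEY-----")
AWS_KEY_ID_RE = re.compile(rb"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
UNLOCKED_SHADOW_RE = re.compile(rb"^[^:\n]+:[^!*:\n][^:\n]*:", re.M)  # hash set, not locked

def classify(rel, data):
    """Return the finding labels that apply to one file's path and contents."""
    name = rel.rsplit("/", 1)[-1]
    checks = [
        ("authorized_keys", name == "authorized_keys"),
        ("shell_history", name in HISTORY_NAMES),
        ("password_hash", rel == "etc/shadow" and UNLOCKED_SHADOW_RE.search(data)),
        ("private_key", PRIVATE_KEY_RE.search(data)),
        ("aws_access_key_id", AWS_KEY_ID_RE.search(data)),
    ]
    return [label for label, hit in checks if data and hit]  # empty files are clean

def audit_image_root(root):
    """Return sorted (finding, relative_path) pairs for a mounted image root."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):  # regular files only
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                with open(path, "rb") as fh:
                    data = fh.read(1 << 20)  # first 1 MiB is enough for key material
                findings += [(label, rel) for label in classify(rel, data)]
    return sorted(findings)

def demo():
    """Audit constructed sample files; the key ID is AWS's documentation example."""
    sample = {
        "root/.ssh/authorized_keys": b"ssh-ed25519 AAAAconstructed publisher@laptop\n",
        "root/.bash_history": b"export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
        "etc/ssh/ssh_host_rsa_key": b"-----BEGIN RSA PRIVATE KEY-----\nconstructed\n",
        "etc/shadow": b"root:$6$constructed$hash:19000:0:99999:7:::\nbin:*:19000::::::\n",
        "etc/motd": b"welcome\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in sample.items():
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return audit_image_root(tmp)
```

An empty result from `audit_image_root` only means none of these particular patterns matched; it does not show the image is free of other sensitive data.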
