Who Has The Keys To Your Cloud Server

Most cloud solutions are built on hypervisor and virtual machine technologies. A few cloud providers offer bare metal servers instead of virtual machines, but they are the exception. In general the cloud provider, in this case an Infrastructure as a Service (IaaS) provider, builds its services on top of a hypervisor to pool physical resources that can then be virtualized. The benefit is that this abstracts the underlying hardware and allows a vast number of virtual servers to be controlled with relative ease.

The cloud provider runs the hypervisor and the customer subscribes to or rents virtual servers provisioned on top of it. When a customer subscribes to a virtual machine, the expectation typically is that no one else has access to it, not even the cloud provider. If you lose the access keys to the virtual machine, the cloud provider cannot help you.

When we store money in the bank, we certainly hope that the bank knows at any given time how much money we have deposited, in which currency and in which account. The cloud is similar: we hand over our data for someone else’s safekeeping, but here the expectation towards the cloud provider is different. We assume that the cloud provider has no insight into the data we store with them. They shouldn’t know what workloads we run in the cloud or what data gets processed.

This hopefully is the case, as most cloud providers tell us it is. However, with a technology called Virtual Machine Introspection and a few other software packages, it is trivially easy to potentially gain full access to any virtual machine running on the hypervisor. Tamas K. Lengyel has shown in his research (https://tklengyel.github.io/drakvuf/) that, with the help of software that he and several others have developed, the hypervisor owner can not only monitor each and every process on the virtual machine, but also retrieve files that are stored only in the memory of the virtual machine and inject code from the hypervisor to execute any program on the virtual machine itself. The code does not need to know the user ID or password of the virtual machine. With this approach every single virtual server is open to the owner of the hypervisor, and the customer running the virtual machines would not even know about it.

This is not to suggest that any cloud provider has actually implemented this type of functionality. But since it’s so easy, we as users of these cloud services should very carefully evaluate which cloud provider we put our trust in, as cloud providers potentially do not even need the proverbial keys to access everything we do on our servers.

Very interesting information thx

Andy, many thanks for sharing this information which should be taken into consideration by every public cloud user.

yusuke shibui

MLOps, data, backend and infrastructure software engineer

9 years ago

One good practice to solve this problem is for the cloud service provider to provide a way other than VM keys, or ID and password, to access the VM, such as a cloud service account with some special role.

James Del Rossi

Principal Consultant: Cybersecurity, IT Architecture, Project Management & Private Equity Advisor

9 years ago

Every use of technology and service requires varying degrees of trust that are inversely proportional to the direct knowledge of the technology and service. The trust requirement increases as the technology becomes more complex and the sources become less visible. The highest degree of trust is in outsourcing operations and using open-source or freeware software. The lowest degrees of trust requirement are in building from the ground up (HW, OS, Apps, etc) by yourself and operating them yourself. The trick with all of this is understanding the technology, as presented, and being able to evaluate the pathological conditions that could occur to construct a reasonable risk strategy. Key to this is understanding what can be actually verified and what is being taken on faith and what the consequences of that trust may be.

Henri Uusoksa

CIO/CTO | Partner at Justin Group - helping enterprises to produce better services

9 years ago

Interesting. The old proverb "if you don't hold it, you don't own it" comes to mind. Your data is yours only if it is on your HW and in your "house" (or DC). I would assume most cloud providers to soon have this capability in place since local intelligence agencies and police agencies will be heavily pushing for this kind of access "for public good". On the other hand I might just be a tad paranoid... hopefully.
