Matthew Garrett is one of the top network engineers in the world. Having previously worked at Red Hat, as well as contributing to the development of the Linux kernel, his commentary is held in the highest regard. Garrett was the keynote speaker at the Australian Linux.Conf.AU tech conference. He was quite candid in his comments on cloud security, and he emphasized that the hypervisor is the main point of attack for hackers.
In relation to the hypervisor security concerns, Garrett said, “On the balance of probabilities, you have to assume that hypervisors probably do contain vulnerabilities, that they do contain flaws that can be exploited to gain access and allow guests to break out into the hypervisor.”
Garrett went on to say, “If you host with Amazon, you have no idea what else is running on the same hardware; you have no way of seeing the other guests or what services they are running. It’s conceivable that your personal website could be hosted on the same piece of hardware as a credit card processing system.”
Garrett raised some good questions for those who use public Infrastructure as a Service. Many of the same concerns are shared by IT professionals contemplating a move to the cloud. With many of these questions still unanswered, many executives have opted to build out private clouds instead of staking their whole operation on a public infrastructure.
Garrett continued to make good points in his presentation, noting, “Nobody publishes their security implementations publicly; you just have to take us on trust. The entire public statement from Amazon about guest security is that ‘the hypervisor protects guests from interfering with each other.’”
Trust and reputation are what it all comes down to when selecting a public cloud provider. In his closing statements, Garrett said, “Whoever owns the hypervisor potentially owns the guests, and your cloud provider owns the hypervisor. You need to trust your cloud provider to still be good, unfortunately.”