By Computerworld (UK) | Jun 5, 2012
Low-cost cloud computing and storage can be a boon for IT managers with tight budgets looking to get as much computing power for their money as they possibly can.
One of the major ways this is achieved is through multi-tenancy. Multi-tenancy allows a single physical instance of a resource to be shared among multiple consumers, which allows for consolidation of and more effective usage of those resources. This lies at the heart of cloud computing, taking some models from the mainframe era and porting them to today’s modern hardware. But while multi-tenancy in public and private clouds offers economies of scale, it can also create potential problems for enterprise users.
Infrastructure, whether on-premise or cloud, is about cost, security, performance, control and flexibility. These five key issues are at the forefront of IT managers’ minds when it comes to implementing infrastructure and the applications that run on top. So can cloud providers deliver this in a multi-tenanted cloud environment? Where do they fall short and what can the IT manager do to mitigate risks for their organisation?
To look through the glossy prospectuses that cloud providers provide, many IT managers would think, on first impressions, they may be signing up to the Fort Knox of cloud and all will be well. However, recent investigations by independent security consultancy Context Security found that for many major multi-tenanted cloud providers, this is far from the case.
Many cloud providers will tell prospective clients that data and settings are isolated from others. However, investigations by Context’s consultants found examples where fragments of customers’ databases and other system information could be seen by others. When this sort of information, which Context found included personal, identifiable information, such as parts of customer databases and elements of system information such as Linux shadow files (containing the system’s password hashes), was put together, it could allow an attacker to take control of other hosted services.
Such systems weaknesses are analogous to renting an apartment, only to find the tenants next door can let themselves in and wander around, find your wallet and car keys and then pass themselves off as you while using your car.
Recent popular content
Recent popular content