Dirty Disks – Cloud Security

Ein sehr interessanter Artikel über den Fakt, dass man auch in der Cloud auf den Speichermedien seine Spuren hinterlässt.

The issue identified was in the area of separation of data. By launching several Cloud servers and conducting a detailed security assessment, we were able, on some of those servers, to gain access to some customers’ data remnants.

[…]

In conclusion as this is a single issue within the implementation of virtual server disk provisioning; it does not mean that the Cloud is broken. However due to the simplicity of this issue it does raise questions about the maturity of Cloud security testing. This is a significant issue that Cloud providers and customers should be aware of. Also while this blog post focuses on Cloud this issue could equally affect any multi-tenancy solution where different users share the same physical disk.

Dirty Disks Raise New Questions About Cloud Security

Soweit ich mich an den Betatest des schweizer Cloud Anbieter Cloud Sigma erinnern kann werden bei Cloud Sigma die virtuellen Festplatten aus Sicherheitsgründen (und eben diesen obenstehenden Überlegungen) mit AES-256 Verschlüsselt.