Cloud security is still a top-of-mind issue, even though cloud vendors and partners have been good about allaying customers' and potential customers' fears, but even as security continues to increase, there are still risks in any kind of IT. Breaches still happen, regardless of whether they end up in headlines, and national information security risk assessment firm Digital Defense has come out with a short list of the some of the key ways hackers are hijacking cloud services.
In its recent blog post, Digital Defense outlined what it calls "the back door on the side of your server." The blog is a bit technical at times, but the gist is that there are "critical IPMI (intelligent platform management interface) vulnerabilities" in rack servers that pose a significant threat to organizations and the cloud services they run on those servers, as well as the data those apps touch.
IPMI-based attack vectors can be "extremely damaging," the firm noted. It broke the vulnerabilities down this way:
- IPMI-based security weaknesses exist within network-accessible embedded components of rack-mount hardware. As such, normal operating system-based security controls offer no protection.
- Attackers can hijack powered-on servers even when they are shut down, and then leverage this access to take over the primary operating system. This is true whether the organization is running Microsoft (MSFT) Windows (32-bit or 64-bit) or Linux operating systems on the targeted servers.
- This issue appears to be widespread. Rack-mount servers with these flaws have been in distribution for years, and exist within a variety of models manufactured by numerous vendors.
Digital Defense's Vulnerability Research Team has been performing analysis on rack-mount servers and IPMI-based security weaknesses. The firm noted it withheld its blog post so it could quietly inform its customers first of the risks (no sense alerting the bad guys who haven't found the security holes yet, right?).
"When our security research team examined these embedded interfaces, the magnitude of the implementation flaws became clear. We knew we had to act quickly to ensure our clients were not impacted by the threat," said Gordon MacKay, executive vice president and CTO at Digital Defense, in a prepared statement.
Digital Defense presented its findings at the BSides Texas: San Antonio in May after spending months informing its customers and technology partners of the vulnerability.
So there's still a lot of work to do to ensure cloud security, but because of research such as this, there are ample opportunities for security-minded channel partners to get ahead of the curve and help customers create strategies for dealing with the issues.