If there is anything the cloud movement doesn't need more of, it is great PR. With all the images of nice, puffy white clouds amongst blue skies, businesses can't move to the various platforms fast enough. Such is the case for Amazon's EC2 Cloud Service. In reality though, these clouds resemble those of a dark and dingy thunderhead, maybe even full of acid rain. Before we launch into the cloud though, let's ground ourselves a little bit.
If you've never worked on the side of a support desk that handles the refurbishment of employee machines, you really have missed out on seeing the incredibly vile state that keyboards, phones, mice, and laptops can get in. Trust me, these guys have seen things they can't un-see.
In many cases, after a deep sanitation of a device's exterior, inspection of its digital domain more often than not indicates the same lack of attention. Malware, spyware, and eight versions of WeatherBug that have brought a machine to its knees are just the beginning. Files on the desktop that contain passwords to sensitive company resources, and instructions on how to access them, are just a couple of things that get left behind. Luckily the thoroughness of a good team catches all this and provides a fresh, clean machine for the next recipient.
Imagine then, if you will, an environment where the team that was responsible for this detoxification of hardware and software, simply passed it along to the next user in the same state the last user left it. With any number of pathogens, both physical and digital, that might be displaced to the next user, the results would be chaos. Unfortunately this already is happening, and not just on poorly managed service desks. It's happening in the Cloud, Amazon's Cloud in fact.
Forbes recently wrote about a group of researchers (France's Eurecom technology institute, Northeastern University and the security firm SecludIT in Europe) that have investigated the rentable EC2 virtual environments that Amazon's Cloud Service offers. What they found was, for the most part, disconcerting. From keys left behind that allow previous renters to access servers long after they have gone, to data that was simply left behind, there really is an absence of reprocessing services by Amazon.
Now, one might think this is simply Amazon dropping the ball. That perhaps they just need to implement better processes, or even some ITIL best practices for making sure new tenants have a clean environment. Actually though, Amazon washes its hands of the situation, posting this, and stating, "The purpose of this document is to remind users that it is extremely important to thoroughly search for and remove any important credentials from an AMI [Amazon Machine Images] before making it publicly available."
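As an added illustration (not code from the article, the researchers, or Amazon), here is one way to run that "search before you publish" step over an image's filesystem mounted at a directory. The function names, the file-name checklist, and the sample tree are assumptions made for this example.

```python
import os
import tempfile

# Assumed checklist (not from the article) of file names that commonly hold secrets.
LEFTOVER_NAMES = {
    "authorized_keys": "SSH key that still grants login",
    ".bash_history": "shell history, may contain passwords",
    "credentials": "API credentials file",
}
PRIVATE_KEY_MARKER = b"PRIVATE KEY-----"

def audit_image_root(root):
    """Walk a mounted image root; return sorted (relative path, reason) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, sockets and device nodes
            rel = os.path.relpath(path, root)
            if name in LEFTOVER_NAMES and os.path.getsize(path) > 0:
                findings.append((rel, LEFTOVER_NAMES[name]))
                continue
            with open(path, "rb") as fh:
                head = fh.read(4096)
            if PRIVATE_KEY_MARKER in head:
                findings.append((rel, "private key material"))
    return sorted(findings)

def build_sample_root():
    """Constructed sample tree standing in for a mounted image (not real data)."""
    root = tempfile.mkdtemp(prefix="image-audit-")
    samples = {
        "root/.ssh/authorized_keys": "ssh-rsa AAAAexample previous-owner\n",
        "home/user/.bash_history": "mysql -u admin -pEXAMPLE\n",
        "home/user/.aws/credentials": "[default]\naws_access_key_id = EXAMPLE\n",
        "etc/ssl/private/server.key": "-----BEGIN RSA PRIVATE KEY-----\nEXAMPLE\n",
        "etc/hostname": "clean-host\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for rel, reason in audit_image_root(build_sample_root()):
        print(f"{rel}: {reason}")
```

An empty result is the gate for publishing an image; the same scan is worth running on a freshly launched public image before trusting it, since a leftover `authorized_keys` entry is exactly the kind of key that keeps a previous owner's access alive.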
The key here is that, and we say this a lot, the cloud requires the same level of process and preparation that any internal infrastructure would have. While the worry of maintaining physical hardware and ensuring it is kept online might be reduced, it is in no way a platform where you can simply throw care and best practices to the wind. Sure, some might consider Amazon's position unacceptable, and they may make changes because of that. Even then, stay diligent and make sure you have control over your IT infrastructure no matter where it is located.