Within one day, Amazon Web Services (AWS) announced two important security features: AWS Virtual Private Cloud and Multi-Factor Authentication. This is good to hear – and shows two things in my opinion:
- Security is beginning to drive Amazon’s roadmap
- Amazon considers hybrid deployments, i.e. the combination of internal IT with public clouds, as an important scenario for cloud adoption in the enterprise market.
The VPC is effectively extending the perimeter of the customers’ datacenters into the public cloud. Amazon speaks of isolation at the network level. I wonder if they can guarantee that instances running on the VPC do not share virtual machines with other instances outside the VPC. It would be great to provide isolation at the AMI instance level as well to avoid problems of side channel attacks between images executing on the same virtual machine, such as the attacks described here.
Update from Amazon: “We don’t make any such guarantee at present. Over time, if customers ask for this, we’ll certainly do our best to meet their needs.”
Since Christmas is approaching fast, two things I would like to add to my wishlist:
- it would be great to know more about the traffic isolation within VPC
- to be able to use security groups on VPC as well
More reading on Amazon’s recent security announcements:
- CloudAve: VPC – Does it make the world more secure?
- Cloud Pulse: Amazon VPC pees in your pool
- Giga Om: Will Amazon VPC be private enough?