CloudyScripts for vCloud

CloudyScripts – our popular open-source library (more than 10000 downloads up to now) that aims at relieving administrators of finicky scripting details to secure and manage cloud infrastructures – now supports the vCloud API in addition to Amazon EC2. vCloud is the cloud stack provided by VMware and already adopted by around 30 hosting…

EC2 Usage among Tech-Companies

Until recently, Guy Rosen published his “State of the Cloud” every month on Jack of all Clouds, tracking the adoption of cloud infrastructure services (IaaS) over time. For that purpose, he checked whether each of the 500,000 top-ranked web sites was actually run by one of the big cloud infrastructure providers like Amazon EC2, Rackspace, GoGrid, etc.…

Elastic Detector for free

Elastic Detector, our fully automated security event detection tool for Amazon EC2, is now available for free. It helps administrators and users of Amazon EC2-based infrastructures to continuously identify holes in security groups and applications, thus dramatically reducing the risk of external and internal attacks. In contrast to existing tools, you don’t need to install any additional…

Detect useless Snapshots and Volumes in the Amazon EC2 Cloud

Do you know this problem? You started and stopped server instances on the Amazon Cloud, performed snapshots of instances or EBS volumes, and after some weeks or months you find the EC2 console totally cluttered. There are lots of unattached volumes with completely meaningless IDs and dozens of nameless snapshots, for which you don’t even know what they…

Symposia Journal

The latest edition of the Symposia Journal is out, a magazine with community-driven, high-quality articles about cloud computing (partly in German). We contributed to the latest edition with an article about the top threats of cloud computing in the IaaS space and how to tackle them. Have fun reading!

The Risk of Unused Public Ports

Public access must be granted only to services that are meant to be public. Public services are the most exposed to external attacks and should be minimized. Furthermore, public access requires a running public service in order to prevent an attacker or insider (with no access to the security group firewall) from deploying a rogue publicly available service…

New CloudyScript: Detect Port Ranges

Amazon EC2 uses the notion of Security Groups to let users define inbound firewall rules (called permissions) that are dynamically applied to all server instances that are part of the group. This concept is easy and very powerful at the same time, since permissions need to be configured only once and are then applied like a template…

Cloud Security and the End-to-End principle

The End-to-End Argument: The end-to-end principle in systems design has become famous for its successful implementation in the Internet architecture. It suggests “that functions placed at low levels of a system may be redundant or of little value when compared with the cost of providing them at that low level.” The complexity and cost of…

Cloud Security – Who is Responsible?

A recent survey among cloud providers raises the question of how responsibility for security is divided between cloud providers and cloud users. A large majority, 69% of the 127 cloud providers asked in this survey, consider the cloud user responsible for ensuring the security of the cloud services (while 35% of the cloud users see…