Whether or not you liked former U.S. Secretary of Defense Donald Rumsfeld, you had to chuckle over his famous "unknown unknowns" quote:
There are known knowns; there are things we know we know. We also know there are known unknowns; that is to say, we know there are some things we do not know. But there are also unknown unknowns -- the ones we don't know we don't know.
Although Rumsfeld was ridiculed for that statement, it was a case of a politician accidentally telling the truth, and I think anyone in computer security quickly understood what he was talking about. We are constantly faced with all three types of risks: known knowns, known unknowns, and unknown unknowns.
One of the biggest impediments to public cloud computing adoption is the calculation of additional risk from all the unknowns, known and otherwise. I've spent the last few years contemplating these issues as both a public cloud provider and user. Here's a list of five risks any business faces as a customer of a public cloud service.
Cloud risk No. 1: Shared access
One of the key tenets of public cloud computing is multitenancy, meaning that multiple, usually unrelated customers share the same computing resources: CPU, storage, memory, namespace, and physical building.
Multitenancy is a huge known unknown for most of us. It's not just the risk of our private data accidentally leaking to other tenants, but the additional risks of sharing resources. Multitenancy exploits are very worrisome because one flaw could allow another tenant or attacker to see all other data or to assume the identity of other clients.
Several new classes of vulnerabilities derive from the shared nature of the cloud. Researchers have been able to recover other tenants' data from what was supposed to be new storage space. Other researchers have been able to peek into other tenants' memory and IP address space. A few have been able to take over another tenant's computing resources in totality by simply predicting what IP or MAC addresses were assigned.
Multitenancy security issues are just now becoming important to most of us, and the vulnerabilities within are starting to be explored. The best precursor example is a single website placed on a Web server with hundreds or even thousands of other, unrelated websites. If history is any guide -- it usually is -- multitenancy will be a big problem over the long haul.
Cloud risk No. 2: Virtual exploits
Every large cloud provider is a huge user of virtualization. Virtualization, however, carries every risk posed by physical machines plus its own unique threats, including exploits that target the virtual server hosts and the guests. You have four main types of virtual exploit risks: server host only, guest to guest, host to guest, and guest to host. All of them are largely unknown and uncalculated in most people's risk models.
When I talk to senior management about virtual risk issues, their eyes glaze over. Many have said to me that the risks are overblown or exploits are unheard of. I usually tell them to check out their own virtualization software vendor's patch list. It isn't pretty.
To up the ante, the cloud customer typically has no idea what virtualization products or management tools the vendor is running. To shed some light on this risk, ask your vendor the following questions: What virtualization software do you run? What version is it on now? Who patches the virtualization host and how often? Who can log into each virtualization host and guest?