Security in the Cloud

In January, I made a seed investment in a company called Standing Cloud. My premise was that as “cloud computing” proliferated, it’d be a total mess for the typical application developer and ISV. Over the past six months a small team of super-talented, long-time software developers and system architects has been exploring a wide variety of cloud services, OS instances, and popular open source software packages to understand where the “extremely broad painful problem that no one is addressing” is going to be.

Dave Jilk, Standing Cloud’s founder, and I are going to hike Mount Bierstadt as part of our annual tradition of climbing a 14er together (this will be #4).  We’ll have each other trapped together for 5+ hours to consolidate our thinking on what we’ve learned so far this year and which particular angle to position Standing Cloud on the launch pad.

In the meantime, one of the other Standing Cloud founders – Joel Wampler – wrote a guest post on ElasticVapor titled Fixing Major Linux Kernel Vulnerabilities in the Cloud.  If you are interested in this type of thing, it’s a good hint about the types of things that Standing Cloud is uncovering every single day.  For example:

“Last week, a Linux kernel vulnerability that allows for local privilege escalation through a NULL pointer dereference was announced. Many of the major Linux distributions are still working to provide updated kernels, and a few already have. Once updated kernels are released, applying the patches should be straightforward. But for systems running in the cloud, additional complexities and delays may arise.

Most providers of on-demand cloud servers require the use of custom kernels, which are tuned for the provider’s specific virtualization implementation. These custom kernels significantly change the upgrade path, and may even affect the short-term workarounds provided by the upstream distribution.

For instance, the Ubuntu bug report for this issue states the following:

Ubuntu 8.04 and later have a default setting of 65536 in /proc/sys/vm/mmap_min_addr. When set, this issue is blocked.

However, if a system is running Ubuntu 8.04 on Amazon EC2, the underlying kernel is likely based on a Fedora Core 8 Xen kernel. This is one of the kernels Amazon provides to those who create boot images for their service, and most such images use this kernel regardless of the distribution running on top of it. Thus the default setting of 65536 cannot be relied upon; and worse, this proc setting does not even exist in the Fedora kernel, so there is no way to repair the image to match this workaround.”
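The check the quoted passage implies, written out as an added example (not code from the guest post or from Standing Cloud): it classifies the `mmap_min_addr` state of the booted kernel and treats a missing proc entry, the EC2 case described above, as its own result. The function names and the optional path argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify the mmap_min_addr mitigation state of a kernel.
# UBUNTU_DEFAULT is the value quoted from the Ubuntu bug report on the page.
UBUNTU_DEFAULT=65536

# check_mmap_min_addr [FILE]
# FILE defaults to the real proc entry; the path argument (an assumption of
# this example) lets the check run against constructed files.
# Prints one of: missing | disabled | below-default | ok | unreadable
check_mmap_min_addr() {
    f="${1:-/proc/sys/vm/mmap_min_addr}"

    # Kernel without the tunable (the EC2 / Fedora Core 8 Xen case):
    # there is nothing to set, so the workaround cannot be applied.
    if [ ! -e "$f" ]; then
        echo "missing"
        return 0
    fi

    val=$(cat "$f" 2>/dev/null) || { echo "unreadable"; return 0; }

    # Reject anything that is not a plain decimal number.
    case "$val" in
        ''|*[!0-9]*) echo "unreadable"; return 0 ;;
    esac

    if [ "$val" -eq 0 ]; then
        echo "disabled"
    elif [ "$val" -lt "$UBUNTU_DEFAULT" ]; then
        echo "below-default"
    else
        echo "ok"
    fi
}

# Report for the running system, next to the kernel actually booted, since
# the distribution name alone does not say which kernel is underneath.
report() {
    printf 'kernel=%s mmap_min_addr=%s\n' "$(uname -r)" "$(check_mmap_min_addr)"
}

report
```

A result of `missing` means the image needs a patched kernel from the provider rather than a sysctl change.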

Lots more coming soon – get ready for it.  In the meantime, I hope there are no clouds on my hike tomorrow.

  • http://intensedebate.com/people/JChauncey JChauncey

    speaking of security and cloud computing did you happen to notice this article on slashdot – http://it.slashdot.org/story/09/08/17/0438207/Ama

  • http://intensedebate.com/people/bfeld Brad Feld

    Yeah – while this just hit Slashdot, I just checked with “my local expert” and he said it’s been known / acknowledged for a while.

  • DaveJ

    Note for Brad's stalkers: Guanella Pass road is closed, we're going to do a different 14er.

  • http://www.extendance.com/blog RHaller

    yes this is a nice idea to go hiking for a brainstorming day, will intro that too now, the mountains in Switzerland are as high as yours it seems and – I am biased of course – the most impressive too, see e.g.
    http://adventuretravel.about.com/od/hikingwalking

    • http://intensedebate.com/people/bfeld Brad Feld

      The Swiss Alps look awesome. I've never been there, but it's definitely on my list. In the meantime I find a day hiking with a CEO / entrepreneur talking about their business and figuring out where to go with it is very satisfying at many levels.

  • http://jorge-delgado.com/blog Jorge

    Great post and don't worry about the clouds!

    Talk soon,
    Jorge

  • http://intensedebate.com/people/bfeld Brad Feld

    We had an awesome hike – did two 14ers (three if you count the unofficial one) – Mt. Democrat, Mt. Lincoln, and Mt. Cameron.  Zero clouds – beautiful day.

    • http://intensedebate.com/people/smurchie Steve Murchie

      I thought I remembered doing Lincoln, Democrat and Bross all together years ago. Is that not the standard trifecta anymore? Congrats either way – I remember it was a beautiful hike.

      • http://intensedebate.com/people/bfeld Brad Feld

        Yes – Bross is the third.  We contemplated doing it but were starting to feel tired so we called it a day after Lincoln.

  • http://intensedebate.com/people/JChauncey JChauncey

    Does 14er refer to altitude? If so, man, I got winded climbing up a small hill in the Rocky Mountain National Park. Can't imagine climbing up something like that.
