If you want your information to be protected, you're advised to steer clear of a Cloud Service provider that's open to the public. According to a recent report, Amazon's public cloud is a veritable breeding ground for malware.
The findings about Amazon's cloud came out in a report released by Solutionary, a security company that publishes a quarterly "Threat Intelligence Report." According to the report, the U.S. leads the world in malware by a long shot, hosting 44 percent of malware internationally. To put that in perspective, the next closest is Germany, with 9 percent. The reason for that massive number is due in no small part to the presence of malware in the public cloud, the report found. Among the top 10 malware sites, Amazon is the hosting provider for four of them, including the number one site, Download-instantly.com. Concerns about Amazon's susceptibility to attack are not without precedent, and became a big discussion point at the 2009 Black Hat security conference, according to The Washington Post.
The report explained that Amazon and GoDaddy's clouds are easy targets for malicious attack because setting up sites through them is such a quick process. "A site can be up and running in minutes with minimal cost," the report stated, adding that Amazon and GoDaddy are flooded with so many ephemeral users that it's impossible for them to keep track, making it extremely easy for attackers to slip under the cracks. And as quickly as they've set up the site they can tear it down, leaving no trace of the damage they've caused. Because malware is often established on name-brand hosting sites like Amazon or Google, it can become harder to identify since it's cloaked in a credible name, and the websites also frequently appear legitimate, the report said. By the time they're discovered, it's often too late.
Solutions: avoiding the public cloud's risky business
Solutionary's report concludes by pointing out that in order to remain secure in places like Amazon's Cloud, users must monitor their organizations' security on a regular basis, including frequently scanning for vulnerabilities and having software analyzed to make sure it's not weak. But these are cumbersome tasks to carry out on a regular basis, and don't make practical sense for an enterprise that's looking to do business through the cloud.
If your business is in the market for a cloud service provider, look to the enterprise cloud for a service that meets your security needs.