Security threat posed by cloud exploit

Security is an issue which dogs the cloud industry and causes sceptics to argue that mission-critical solutions should not be hosted on public platforms. And in most instances, the threats are over exaggerated or entirely fabricated.

However, this month a new vulnerability in the way virtual machines operate has been uncovered and there are concerns that this weakness could be exploited, causing major problems for providers and users alike.

The so called Venom vulnerability contravenes the idea that virtual machines hosted in the cloud are distinct from one another and so do not allow users to leap from one virtualised operating environment to another.

So while the promise of keeping ecosystems separate in the cloud is regularly made by vendors, Venom reveals that it is possible to leapfrog from one virtual machine to another. And this might mean that hackers could compromise the systems of more than one cloud customer, according to researchers at CrowdStrike.

A number of affected cloud platforms have been identified and the exploit is founded on a bug that is triggered by a buffer overflow in a virtual machine’s floppy disk controller, according to Ars Technia.

Although some have argued that Venom may ultimately have ramifications that are as far-reaching as the Heartbleed bug, that reared its head back in 2014, others are certain that the extent of the impact of this new fault will not be nearly as significant.

The good news in this instance, as well as in any scenario involving security vulnerabilities unearthed in the cloud industry, is that vendors have a competitive incentive to find solutions and patch any issues out of existence.

This innate need to make the cloud as safe as possible, so that customer confidence is restored, is what makes the market so responsive to threats.