A security researcher has warned that firms relying on the Amazon Web Services infrastructure need to double check their security controls or they run the risk of a major security breach.
Speaking at the 2014 Black Hat conference, Andred Riancho, who is an application security expert, said that risks in cloud security come from system configuration weaknesses and web application vulnerabilities. He then reportedly demonstrated a tool made to exploit the Amazon Web Services infrastructure.
CBR was not at the scene, but CRN cited Riancho as saying: "It is my impression that this is not Amazon’s fault that these issues exist.
"Most of the vulnerabilities this year are from misconfigurations or small things where the developers working on applications made mistakes."
He then went on to explain how web application developers in particular who are working on Amazon’s Elastic Compute Cloud (EC2) need to be critical of the security they use.
Last April, AWS CISO Stephen Schmidt launched a security blog which aims to help customers understand security best practices for AWS services, including Amazon EC2, Amazon S3, AWS IAM, and others.
It was in-memory database provider VoltDB which also criticised Amazon Web Services yesterday, announcing that with its NewSQL in-memory database, firms can expect up to ‘five times faster application performance’ for Fast Data analysis on the SoftLayercloud platform from IBM than on AWS.
"IBM is rapidly moving to make SoftLayer the preeminent platform on the planet for developing data-driven applications," said Mac Devine, director of CloudFirst Innovation and CTO IBM Cloud Services Division.
"Fast Data applications demand a leading-edge cloud platform that supports wide-ranging options from multi-tenant virtualization to bare metal performance."