
Mitigating Cloud Vulnerabilities [pdf] - LVB
https://media.defense.gov/2020/Jan/22/2002237484/-1/-1/0/CSI-MITIGATING-CLOUD-VULNERABILITIES_20200121.PDF
======
terom
This is something I was trying to research at one point:

> While there have been no reported isolation compromises in any major cloud
> platform,

What about minor cloud platforms? I would be surprised if there haven't been
real cases of e.g. the horror scenario where data gets silently exposed via
uninitialized/unencrypted disk volumes that were not correctly wiped by the
CSP before re-use by a different customer.

I've seen it happening on-premises with e.g. Ganeti, which does not wipe
instance disks by default. In that case it was obvious because the OS
installer would complain about pre-existing LVM volume groups on the disks. It
does offer an option to spend an hour wiping new disks when provisioning
them...
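
Added example (not from the thread, Ganeti or the NSA document): a pre-use check for the failure mode described above, scanning the start of a newly attached volume for non-zero data and a stale LVM2 physical-volume label. It runs here against two constructed disk images; the `LABELONE` magic and its placement in one of the first four sectors are the LVM2 on-disk label format.

```python
import os
import tempfile

SECTOR = 512
LVM_LABEL = b"LABELONE"  # LVM2 PV label magic, stored in one of the first 4 sectors


def scan_residual_data(path, sample_bytes=4 * 1024 * 1024, chunk=1024 * 1024):
    """Inspect the first `sample_bytes` of a device or image. Returns a dict with
    an LVM-label hit, the number of non-zero bytes seen, and an overall `clean` flag."""
    result = {"lvm_label": False, "nonzero_bytes": 0, "bytes_checked": 0}
    with open(path, "rb") as f:
        head = f.read(4 * SECTOR)
        for s in range(4):
            if head[s * SECTOR:s * SECTOR + len(LVM_LABEL)] == LVM_LABEL:
                result["lvm_label"] = True
        f.seek(0)
        while result["bytes_checked"] < sample_bytes:
            buf = f.read(min(chunk, sample_bytes - result["bytes_checked"]))
            if not buf:
                break
            result["bytes_checked"] += len(buf)
            result["nonzero_bytes"] += len(buf) - buf.count(0)
    result["clean"] = not result["lvm_label"] and result["nonzero_bytes"] == 0
    return result


def make_sample_image(path, leftover_lvm=False, size=1024 * 1024):
    """Constructed test data: a zero-filled image, optionally with a stale LVM PV
    label in sector 1 and stray bytes further in, as an unwiped disk would show."""
    with open(path, "wb") as f:
        f.truncate(size)  # sparse, all-zero image
        if leftover_lvm:
            f.seek(SECTOR)
            f.write(LVM_LABEL + b"\x01\x00\x00\x00\x00\x00\x00\x00")  # magic + sector no.
            f.seek(64 * 1024)
            f.write(b"previous tenant's data")


def demo():
    """Build both constructed images in a temp dir and scan them."""
    with tempfile.TemporaryDirectory() as d:
        fresh, reused = os.path.join(d, "fresh.img"), os.path.join(d, "reused.img")
        make_sample_image(fresh)
        make_sample_image(reused, leftover_lvm=True)
        return {"fresh": scan_residual_data(fresh), "reused": scan_residual_data(reused)}


if __name__ == "__main__":
    for name, r in demo().items():
        print(name, "clean" if r["clean"] else "RESIDUAL DATA", r)
```

Point `scan_residual_data` at a block device path to run the same check on a real volume before the installer touches it; a non-clean result is the cue to wipe (or reject) the volume.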

~~~
vngzs
Digital Ocean used to hand out SSDs without scrubbing them.

[https://github.com/fog/fog/issues/2525](https://github.com/fog/fog/issues/2525)

------
skube
"Containerization is less secure of an isolation technology than
virtualization because of its shared kernel characteristics"

"Containerization, while being an attractive technology for performance and
portability, should be carefully considered before deployment in a multi-
tenant environment."

~~~
movedx
"Containerization, while being an attractive technology for performance and
portability, should be carefully considered before deployment in a multi-
tenant[, shared] environment [in which the physical hardware is shared among
many users]." -- I'd say that's more accurate.

