Cloud Hypervisor Gets High Scores In Security Report

2012 Data Breach Investigations Report

The fifth annual report, conducted with the help of the U.S. Secret Service, and Dutch, Australian, Irish and U.K. police authorities, reported 855 incidents, with 174 million records compromised.

Hackivists caused 58 percent of the data records stolen in 2011 from companies, government agencies and nonprofits.

Less prominent in the report, however, was some good news about cloud security. Although the report found breaches in externally hosted environments, cloud-specific technology showed little or no vulnerabilities.

“Because working definitions of ‘the cloud’ are legion, it can be difficult to answer questions about how this paradigm factors into data breaches,” the report said. “Do we see breaches that compromise assets in an externally hosted environment that is not managed by the victim? Yes; absolutely. Do we see successful attacks against the hypervisor in the wild? No; not really.”

[Related: The 20 Coolest Cloud Security Vendors ]

The report showed that externally hosted assets accounted for about 20 percent of data breaches, as opposed to 80 percent of breaches hosted internally, but these issues were not related to cloud technology, according to the report.

“We’ve said it before, and we’ll say it again here: it’s really more about giving up control of your assets and data (and not controlling the associated risk) than any technology specific to the cloud,” the report said.

There have been highly publicized cloud outages, including a power failure that impacted Amazon Web Services in April 2011, and a Leap Year bug that downed Microsoft Azure last month, but there have been no reported vulnerabilities reported in relation to the hypervisors essential to the virtualization technology at the heart of cloud hosting.

One analyst said the report was not surprising given that cloud providers make security their highest priority.

“Providers are more vigilant and expend more resources on security than just about any internal IT enterprise. This is their entire business model and if it is not secure, it’s dead.” said Ezra Gottheil of Technology Business Research, a Hampton, N.H., industry research firm. “This report belies the thinking that having the data inside your building is better than having it physically located outside you perimeter. That’s an old-fashioned way of thinking.”

Virtualization has emerged as a safe, secure technology for the cloud, he said.

“There have been concerns about multitenancy – having your data hosted in a [cloud] environment along with someone else’s,” he said. “But the barrier created by this virtualization technology, the hypervisor, is one of the most secure aspects of modern infrastructure.”