"Cloud Server Leasing Can Leave Sensitive Data up for Grabs"

A new study by researchers at Penn State University finds that the standard business practice of renting space and IP addresses on a public server can lead to cloud squatting, which creates a security risk, putting sensitive customer and organization data in danger. Cloud squatting happens when a company leases space and IP addresses on a public server, uses them, and then releases the space and addresses back to the public server company, such as Amazon, Google, or Microsoft. The public server company then assigns the same addresses to another company. If this second company is malicious, it can take the information coming into the address intended for the first company. According to Eric Pauley, a doctoral candidate in computer science and engineering, there are two advantages to leasing server space. The first is a cost advantage, as it helps save on equipment and management. The second is scalability because leasing server space offers an unlimited pool of computing resources, which allows companies to quickly adapt when workload changes. These advantages have caused cloud use to grow significantly to the point where nearly all websites take advantage of cloud computing. The Penn State researchers designed an experiment to determine if cloud tenants were vulnerable and quantify the problem's extent. They set up a series of cloud server rentals. The team rented server space for 10-minute intervals, got information sent to the address intended for previous tenants, and then moved to another server location multiple times. They did not request any data or send out any data. Any unsolicited data they received was potentially intended for previous tenants. The researchers deployed more than 3 million servers receiving 1.5 million unique IP addresses over 101 days. Cloud servers, third-party services, and Domain Name Servers (DNS) were identified as sources of potentially severe security breaches. This article continues to discuss new research on how cloud server leasing can present security risks and recommendations for resolving cloud squatting concerns. 

PSU reports "Cloud Server Leasing Can Leave Sensitive Data up for Grabs"