"Beware the 'Secret Agent' Cloud Middleware"

If cloud services weren't complicated enough for the typical business today to properly configure and secure, there's also a lesser-known layer of middleware that cloud providers run that can harbor hidden security flaws.  Researchers from Wiz.io recently unveiled an open source cloud middleware database on GitHub that details the specific middleware agents that Amazon Web Services (AWS), Google, and Microsoft install on their cloud customers' virtual machines.  The researchers aim to shine a light on this traditionally hidden proprietary software layer and its potential software flaws that can leave a cloud customer unknowingly at risk of attack.  The researchers stated that cloud providers often silently install these "secret agent" middleware programs on their customers' virtual machines, with the highest privileges, as a "bridge" between their cloud services and their customers' VMs.  The Cloud Middleware Dataset database project aims to provide cloud customers insight into this layer of software they rarely know exists on their virtual machines in a cloud service and the potential security risks associated with it.   The researchers stated that these agents are adding an additional attack surface, and cloud customers don't know about those agents.  If they come pre-installed, organizations have no idea.  

Dark Reading reports: "Beware the 'Secret Agent' Cloud Middleware"