This is something I was trying to research at one point:
> While there have been no reported isolation compromises in any major cloud platform,
What about minor cloud platforms? I would be surprised if there haven't been real cases of e.g. the horror scenario where data gets silently exposed via uninitialized/unencrypted disk volumes that were not correctly wiped by the CSP before re-use by a different customer.
I've seen it happening on-premises with e.g. Ganeti, which does not wipe instance disks by default. In that case it was obvious because the OS installer would complain about pre-existing LVM volume groups on the disks. It does offer an option to spend an hour wiping new disks when provisioning them...
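A quick way to check a freshly attached volume for the kind of residue described in the comment above (an old LVM label, a partition table, or simply non-zero data from a previous tenant), as an added example that is not part of the original thread and not Ganeti's own provisioning code. It assumes a POSIX shell with `dd`, `od`, `grep` and `tr`; for real block devices it also assumes util-linux's `blockdev`. The device path and the residue image used in the comments are assumptions for illustration:

```shell
#!/bin/sh
# Added example: spot-check a "new" volume for leftovers from a previous user.
# Usage: scan_residue /dev/xvdf [SAMPLES]   (device path is an assumption)
# Exit status: 0 = looks blank, 1 = residue found, 2 = cannot inspect.
scan_residue() {
    dev=$1
    samples=${2:-16}          # number of 4 KiB blocks to sample across the device

    # Size in bytes: util-linux blockdev for a real device, wc for an image file.
    if [ -b "$dev" ]; then
        size=$(blockdev --getsize64 "$dev") || return 2
    elif [ -r "$dev" ]; then
        size=$(wc -c < "$dev" | tr -d ' ')
    else
        echo "scan_residue: cannot read $dev" >&2
        return 2
    fi
    [ "$size" -ge 4096 ] || { echo "scan_residue: $dev too small" >&2; return 2; }

    # 1. Fixed-offset signatures that a recycled volume typically still carries.
    # LVM2 writes its physical-volume label ("LABELONE") into one of the first 4 sectors;
    # this is exactly what makes an OS installer complain about an existing volume group.
    if dd if="$dev" bs=512 count=4 2>/dev/null | grep -a -q 'LABELONE'; then
        echo "$dev: LVM2 physical-volume label in the first 4 sectors"
        return 1
    fi
    # MBR boot signature 0x55 0xAA at bytes 510-511.
    mbr=$(dd if="$dev" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    if [ "$mbr" = "55aa" ]; then
        echo "$dev: MBR signature at offset 510"
        return 1
    fi
    # GPT header lives at LBA 1 and starts with "EFI PART".
    if dd if="$dev" bs=512 skip=1 count=1 2>/dev/null | grep -a -q 'EFI PART'; then
        echo "$dev: GPT header at LBA 1"
        return 1
    fi

    # 2. No signature: sample 4 KiB blocks spread evenly over the device.
    # Any non-zero byte means the provider did not zero the storage before handing it over.
    nblocks=$((size / 4096))
    [ "$samples" -gt "$nblocks" ] && samples=$nblocks
    i=0
    while [ "$i" -lt "$samples" ]; do
        off=$((i * nblocks / samples))
        nonzero=$(dd if="$dev" bs=4096 skip="$off" count=1 2>/dev/null | tr -d '\000' | wc -c | tr -d ' ')
        if [ "$nonzero" -ne 0 ]; then
            echo "$dev: non-zero data in 4 KiB block $off"
            return 1
        fi
        i=$((i + 1))
    done
    echo "$dev: no known signatures, all sampled blocks are zero"
    return 0
}
```

The sampling pass is only a spot check: with the default 16 samples, a few stray megabytes of someone else's data in the middle of a large disk can be missed, so pass a sample count equal to the block count (or simply `cmp` the device against `/dev/zero`) when you need a conclusive answer. On a real system `wipefs -n` and `blkid` cover the signature step more thoroughly than the three hand-coded checks here; the point of the script is that none of this should be left to the OS installer to notice by accident.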
A report a few days ago revealed that hackers linked with China’s government were stealing data from more than a dozen global telecom companies for years.
According to Reuters, eight of the world's biggest technology service providers were hacked by APT10 spies, with attacks going as far back as 2010 in some instances. Dubbed "Cloud Hopper," the campaign affected Hewlett Packard Enterprise (HPE), IBM, Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation, and DXC Technology.
"Containerization is less secure of an isolation technology than virtualization because of its shared kernel characteristics"
"Containerization, while being an attractive technology for performance and portability, should be carefully considered before deployment in a multi-tenant environment."
"Containerization, while being an attractive technology for performance and portability, should be carefully considered before deployment in a multi-tenant[, shared] environment [in which the physical hardware is shared among many users]." -- I'd say that's more accurate.