Report: Some cloud providers have "dirty disks"

26.04.2012
A forensic IT study by a U.K. security consultancy found that some multi-tenant public cloud providers have "dirty disks" that are not fully wiped clean after each use by a customer, leaving potentially sensitive data exposed to other users.

Last year, officials at Context Information Security conducted a study to determine if they could access data from other customers within public cloud environments of four providers. "We were quite surprised," says Michael Jordan, research and development manager at Context. "Using a pretty straightforward test we were able to view data that had been there a pretty long time."

Context officials, who conducted the study with the permission of the cloud providers, performed a series of disk analysis tests on virtual machines running in the public clouds. The theory was that if the hypervisor is not architected to clear storage disks after each use by a customer, the data can remain on the disk and be accessed by subsequent users. Sure enough, when Context researchers prompted the virtual machines to read the raw data on the disk, they found remnants of previous customers' data.

In one test Context researchers found references to that had previously been installed on the disk, while in other cases they found more potentially sensitive data, such as fragments of a website's customer database and logs showing where the data came from. "The remnant data was randomly distributed and would not allow a malicious user to target a specific customer," Context officials said in describing their testing. "A malicious user who discovered the vulnerability could, however, exploit it to harvest whatever unencrypted data he came across: e.g. personal information, credit cards or credentials."
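
As an added example (not from the article or from Context's study), a tenant can apply the same kind of raw read defensively to a volume it has just been allocated, before writing anything to it: the Python below counts blocks that are not all zeros and records only their offsets, never their contents. The function names, the 4096-byte block size and the sample image are assumptions constructed for illustration.

```python
import os
import tempfile

BLOCK = 4096  # scan granularity in bytes (assumed; match the volume's block size)


def scan_for_residue(path, block_size=BLOCK, max_report=10):
    """Read a raw device or image file and count blocks that are not all zeros.

    Returns (total_blocks, dirty_blocks, first_offsets). Only offsets are
    kept, so the report itself never holds another tenant's data.
    """
    zero = bytes(block_size)
    total = dirty = 0
    offsets = []
    with open(path, "rb") as dev:
        while True:
            chunk = dev.read(block_size)
            if not chunk:
                break
            # A short final block is compared against zeros of equal length.
            if chunk != zero[:len(chunk)]:
                dirty += 1
                if len(offsets) < max_report:
                    offsets.append(total * block_size)
            total += 1
    return total, dirty, offsets


def make_constructed_image(path, blocks=8, block_size=BLOCK):
    """Build a constructed sample 'volume': zeros plus two leftover fragments."""
    with open(path, "wb") as f:
        f.write(bytes(blocks * block_size))
        f.seek(2 * block_size + 100)
        f.write(b"constructed-residue")  # stands in for a previous user's data
        f.seek(5 * block_size)
        f.write(b"\x01")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "volume.img")
        make_constructed_image(image)
        total, dirty, offsets = scan_for_residue(image)
        print(f"{dirty} of {total} blocks are non-zero; first offsets: {offsets}")
```

On a real instance the path would be the newly attached block device, read with sufficient privileges. Any non-zero block on a volume the tenant has never written to is evidence the storage was not cleared and is worth reporting to the provider.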