Virtual infrastructure has become the backbone of cloud computing, particularly in the area of infrastructure-as-a-service. This is why the latest attack on EC2 demonstrated by MIT researchers garnered a fair amount of attention in the press.

This is an attack against virtual computing resources, not necessarily against EC2 per se. In fact, this attack can potentially work against any virtual infrastructure, private cloud included.

Does this mean that there is a security vulnerability within EC2? Yes.

Should you be concerned? Not really.

This is an example of a "side-channel" attack. For this attack to be feasible, certain conditions must be true a priori. These conditions include that the attacker has knowledge of when the victim virtual machines would be launched. Some of these conditions, though not entirely impossible, are on the impractical side. While the author concedes that it is possible that an espionage attack with high-valued stakes may very well undertake such a method, it is hardly a concern for run-of-the-mill computing tasks running in EC2.

After seven years, my colleague Natalie Lambert is leaving Forrester. In the year that I have been at Forrester, she has been a good team-mate, sounding board for ideas, gleeful mischief-maker, and collaborator on shared research topics. I will miss her insights and energy, and I wish her the best as she begins her next adventure.