Just because a company has stopped using a cloud server doesn't mean its data isn't still flowing there, a new study has found.
Cloud computing has swiftly gone from a novelty to a vital part of how global business runs, with the amount of corporate data stored in cloud servers doubling from
Researchers set up a series of cloud server rentals from Amazon for 10-minute intervals. During this short time they were able to access information sent to addresses intended for the previous tenants of the server, similar to when someone who moves into a new house may keep getting mail for the previous owners. The researchers neither sent nor asked for data; all the information was sent unsolicited.
After the 10-minute rental was finished, the researchers moved to another server location and repeated the process. Overall, they collected 5 million pieces of data, including financial transactions, GPS locations and personally identifiable information through what the researchers dubbed "cloud squatting."
The sample size for the experiment was quite large: Researchers deployed over 3 million servers and received 1.5 million unique IP addresses over 101 days. This included cloud servers, third-party services and domain name servers. All were open to potentially devastating breaches (the researchers have since informed the involved cloud companies, as well as U.S. government agencies, of the potential issue).
"I would heed the conclusion that despite the overwhelming attraction of cloud servers, cloud computing is not without risk," said Eric Pauley, one of the researchers, in a statement. "However, by managing and watching their use, we can mitigate a lot of that danger. The free lunch that people thought the clouds were is not free. Companies have to weigh the risk to benefit."
Researchers believe that server companies should create reserved IP address blocks and delay recycling old IP addresses. Clients, meanwhile, can work to avoid producing IP address configurations that remain after cloud server IP addresses are let go, though the paper noted this rarely happens.
