Amazon Fires Back Against Bkav Security Accusations

Grazed TalkinCloud. Author: Chris Talbot.

Late last week, we reported on supposed security flaws found on Amazon Web Services (AWS), HP Public Cloud and GoGrid. The report regarding outdated Microsoft Windows Server deployments surfaced because of a blog posted by security firm Bkav. Now Amazon has come out to dispute the blog’s findings, with its public relations team calling elements of the blog "misleading."

A note to Talkin’ Cloud mentioned Amazon’s (AMZN) shared security responsibility model with customers. According to Amazon, once a customer launches an EC2 instance using Amazon Machine Instance (AMI), the customer is responsible for managing the updates, including updates issued after the build or revision that was specific to that AMI. The AMI in question that put Bkav on the alert was a Windows Server 2003 AMI from 2010, the email noted…

Amazon also indicated its standard practice is to release fully patched Windows AMIs within a week of Microsoft’s Tuesday patches. But customers can customize their software update settings, which seems to be what Amazon suggests happened in the case of Bkav’s customer…

Read more from the source @ http://talkincloud.com/cloud-computing-security/0430214/amazon-fires-back-against-bkav-security-accusations

Subscribe to the CloudCow bi-monthly newsletter @ http://eepurl.com/smZeb