Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms

June 04, 2015 by Marc Handelman in All is Information, Blatant Stupidity, Information Security, Security Failure

Via AlienVault's Russ Spitler comes a tale of problematic security hygiene within customer instances at Amazon Web Services. This time, evidenced and bolstered by empirical research, the AlienVault researchers discovered "there is a good chunk of the EC2 users who left their front door open".

I am fascinated with AlienVault's findings (consider for a moment that the issues are customer-based within their respective virtual environs); the scenario boggles.

Then there are the recently published Amazon Web Services SOC 1, 2 and 3 Reports (acronym definition: SOC - Service Organization Control). SOC 1 is one of the component reports that comprise the awkwardly monikered SSAE 16/ISAE 3402 artifact. The SOC 1 and SOC 2 Reports are available to Amazon Web Services customers upon request, whilst the SOC 3 report is available to the public on demand. In this case, the SOC 3 report targets the WebTrust and SysTrust reviews. SysTrust is germane to the AlienVault research, as it encompasses the standard information security tenets of Integrity, Availability, Security and Confidentiality, of which, apparently, many customers of the AWS EC2 product are blissfully unaware (at least those that are running the offending listeners).
