InfoWorld is reporting the rather unsurprising results of recent research in Germany; users of Amazon Web Services can have lax security practices, leaving themselves open to malicious activity. This is hardly surprising, as it’s also true in almost every other computing environment, from individuals’ laptops to the corporate data center. More interesting, perhaps, would be to delve deeper into the results to understand whether or not the behavior on a cloud environment like Amazon’s is worse than on hardware that the users feel a responsibility for. Do those users think it’s Amazon’s responsibility to ensure security? Does Amazon lead those users to think that they are absolved of responsibility? There is no suggestion that this behavior makes Amazon Web Services itself less secure, although Amazon does have the problem of dealing with the resulting negative press from any attack; “Amazon hacked,” the headlines would scream, rather than “poorly built website that happened to be hosted on Amazon hacked — not Amazon’s fault.” In this case, at least, the German researchers are working with Amazon to notify those users they identified as most at risk. But what could or should Amazon be doing to lower the chances of others repeating these mistakes?