In the aftermath of the Heartbleed bug, many of our customers and contacts have reached out, asking what they need to do in order to remain secure. First, it’s important to note that CloudLock took a number of steps that don’t require any action from our users to ensure that our services, data, and customers remain secure.
However, Heartbleed is unique in many ways: it’s not a simple software flaw that can be fixed by installing a patch and moving on. Instead, it represents a weakness in OpenSSL, the encryption technology that underpins much of the internet. Because of the breadth of the issue, it requires a response from everyone who does business on or stores information in online services. As you’re probably already aware, there are some fundamental responses that you should take right now:
- Change passwords
- Remain vigilant about spam emails and messages from unrecognized sources
- Check financial and/or social media accounts for fraudulent activity
These are prudent practices even in the absence of a major vulnerability like Heartbleed, but you can expect that various attacks will surface over the coming weeks and months that seek to exploit the bug and use it to gain access to sensitive personal, financial, and corporate data.
There is also a second set of steps worth considering if you’re using public cloud services. To understand them, it’s helpful to think in terms of an attack surface:
Most of our customers are using either Collaboration Security or CloudLock for Salesforce to manage data risk within their core SaaS applications (Google Apps and Salesforce, respectively). This is an excellent foundation, allowing them to define acceptable use policies and manage data exfiltration risk from within their organizations. However, as depicted above, there are other sources of risk that are particularly exposed to Heartbleed: third party vendors, brought into the cloud ecosystem via third party applications that use OAuth to provision access, and user credentials and behavior from devices outside of the presumably secured organizational network.
Our recommendations to help secure these vectors are:
- Audit and ensure that all third party applications and vendors have updated their systems to mitigate risk from Heartbleed; ban and remove those that are suspicious or have failed to provide a robust response.
- Use CloudLock GeoFence (or location-aware auditing in CloudLock for Salesforce; if you are not using the Event Log File API, reach out and we’ll walk you through the enablement process) to monitor for suspicious activity.
- Use CloudLock for Salesforce and CloudLock Google+ Governance to monitor social feeds and ensure that your users’ accounts are not being used to exfiltrate sensitive data.
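One concrete check for the first recommendation above, added here as an example and not CloudLock's own code: because a vendor that ran a vulnerable OpenSSL may have had its private key exposed, a robust response includes re-keying, so a certificate whose notBefore date precedes the public disclosure (April 7, 2014) is worth raising with the vendor. The host names and dates in `SAMPLE_CERTS` are constructed; `fetch_not_before` is an assumed helper that needs network access and is not called by the audit itself.

```python
"""Flag vendor TLS certificates issued before the Heartbleed disclosure.
Added example, not CloudLock's code."""
import ssl
import socket
from datetime import datetime, timezone

# Heartbleed was publicly disclosed on 2014-04-07; a certificate issued
# before that date cannot reflect a post-disclosure re-key.
HEARTBLEED_DISCLOSURE = datetime(2014, 4, 7, tzinfo=timezone.utc)


def cert_predates_disclosure(not_before):
    """True when notBefore (in the format returned by ssl getpeercert(),
    e.g. 'Apr  9 00:00:00 2014 GMT') is earlier than the disclosure date."""
    seconds = ssl.cert_time_to_seconds(not_before)
    issued = datetime.fromtimestamp(seconds, tz=timezone.utc)
    return issued < HEARTBLEED_DISCLOSURE


def audit_vendor_certs(certs):
    """Given {vendor_host: notBefore_string}, return the sorted list of hosts
    whose certificate predates the disclosure and should be queried."""
    return sorted(host for host, nb in certs.items()
                  if cert_predates_disclosure(nb))


def fetch_not_before(host, port=443, timeout=5.0):
    """Assumed helper: fetch the live certificate's notBefore for one host.
    Requires network access; not used by the offline audit below."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notBefore"]


# Constructed sample data standing in for live lookups.
SAMPLE_CERTS = {
    "vendor-a.example": "Jan 15 00:00:00 2014 GMT",  # issued before disclosure
    "vendor-b.example": "Apr  9 12:30:00 2014 GMT",  # issued after disclosure
}

if __name__ == "__main__":
    for host in audit_vendor_certs(SAMPLE_CERTS):
        print(f"{host}: certificate predates Heartbleed disclosure; "
              "confirm with the vendor that keys were rotated")
```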
We’ll be discussing The Paradigm Shift in the Public Cloud Security Market in our upcoming webinar with guest Forrester Research, Inc. Register today!