Cloud Security Questioned After Heartbleed Bug

By Author: Skyhighnetworks
Total Articles: 54
Comment this article

Security teams at many companies are still dealing with the aftermath of the NSA revelations from Snowden when hit with another huge blow this week. SSL, the encryption layer for the Internet, was found to have a major bug that would allow an attacker easy access to usernames, password, and encryption keys. “These allegations further question the security of all data crossing the Internet,” Adrian Sanderball, Security Analyst at Actium Consulting.

A key question for many security professionals is whether encryption technology is secure, or even if Cloud Security can ever be truly achieved. Encryption was seen as the ultimate tool for making sure data is secure when being transmitted online. Documents leaked by Edward Snowden shows the NSA actively worked to undermine the effectiveness of encryption in order to make data more accessible for mass surveillance of Internet traffic.

Even encryption vendor RSA was brought into the mix when it was revealed the company may have received $10 million from the US government in exchange for inserting weaknesses into encryption ...
... technology the company sold to corporate and government clients worldwide. Now, Heartbleed is calling into question SSL that is used to protect data as it’s transmitted between companies and websites.

One of the biggest barriers to large companies adopting on-demand SaaS applications is Cloud Security. Even with SSL, many companies feel that cloud services are not doing enough to encrypt data when stored in the application. Now that data being transferred to and from the cloud, and even encryption keys themselves are vulnerable, many security analysts are recommending companies employ cloud encryption gateways to encrypt data on premises behind the firewall before uploading to a cloud service.

By encrypting data and keeping control over the encryption keys, companies can ensure that if there’s a breach or their data is accessed by a third party, it won’t be viewed by a third party. That step, say experts, is what’s needed before the largest companies will have faith in cloud security.

Author :

Skyhigh Networks, the Cloud Security Services company, enables companies to embrace Cloud Security Services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, healthcare, high technology, media, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a "Cool Vendor" by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital. For more information, visit us at http://www.skyhighnetworks.com or follow us on Twitter@skyhighnetworks.