123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Computers >> View Article

24 Hours After Heartbleed, 368 Cloud Providers Still Vulnerable

Profile Picture
By Author: Lauren Ellis
Total Articles: 35
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

Over the past weeks, security teams across country have been grappling with end of life for Windows XP, which is still running on 3 out of 10 computers. That issue has been completely overshadowed with news of the Heartbleed vulnerability in OpenSSL, which is used extensively to secure transactions and data on the web.

Heartbleed makes the SSL encryption layer used by millions of websites and thousands of cloud providers vulnerable. With a simple exploit, an attacker could gain access to passwords, usernames, and even encryption keys used to protect data in transit. While the focus in the media was initially on high profile consumer sites like Yahoo! Mail, many cloud services present an even greater risk to companies storing sensitive data on those services.

Many cloud services are still vulnerable
Skyhigh’s Service Intelligence Team tracks vulnerabilities and security breaches across thousands of Cloud Security providers, including the Heartbleed vulnerability. Even 24 hours after the vulnerability was widely publicized, 368 cloud providers are still ...
... not patched, making them vulnerable to attack. These services include some of the leading backup, HR, security, collaboration, CRM, ERP, cloud storage, and backup services.

The average company uses 626 Cloud Security services, making the likelihood they use at least one affected service extremely high. Across over 200 companies using Skyhigh, 96% are using at least one cloud provider that is still not patched 24 hours later. We’ll continue tracking these services and provide updates as they are patched.

What actions you can take
In order to close the vulnerability, cloud providers need to update OpenSSL and reissue their certificates that could be used to impersonate the service. Skyhigh has contacted each of the cloud providers affected and is working with them to ensure they patch their SSL and perform remediation such as revoking and reissuing certificates. We‘ve also alerted our customers who use affected services.

There are 5 steps that every company needs to take in response to Heartbleed:

Determine your exposure: Skyhigh automatically alerted customers to services they use that are affected by Heartbleed.

Change your passwords: All the passwords used by employees for affected services are potentially vulnerable and should be changed immediately. If you reused passwords across services, also change these passwords.

Enable multi-factor authentication: Require a security token so a remote attacker could not login to a service with just the password alone. As noted by Skyhigh’s recent report, only 15% of cloud providers offer this feature.

Contact cloud providers: Reach out to affected providers so you can receive updates when they are patched and their certificates have been reissued. Skyhigh automatically tracks and presents this information in our product.

Use an encryption gateway: Encrypt all data before it’s uploaded to the cloud so that even if the provider is breached, your data is encrypted using enterprise-controlled encryption keys that remain on premises.


Author :
Lauren Ellis is a research analyst covering the technology industry’s top trends & topics, focusing on Cloud Security, Cloud Computing, Data Loss Prevention etc.,

Total Views: 552Word Count: 491See All articles From Author

Add Comment

Computers Articles

1. Fantasy Sports Analytics Through Myteam11 App Real-time Data Extraction
Author: i web data

2. Extract Kroger Grocery Store Locations Data For Expansion
Author: FoodDataScrape

3. What Benefits Can Businesses Gain From Doordash Menu Data Scraping?
Author: FoodDataScrape

4. Amazon Fresh Scraping Api Helped Client To Enhance Market Insights
Author: FoodDataScrape

5. Leverage Web Scraping H-e-b Grocery Chain Data
Author: FoodDataScrape

6. It Gadgets Online: Powering India’s Tech Enthusiasts With Premium Pc Components And Gaming Gear
Author: ITGadgetsOnline

7. Reliable Incubator Monitoring And Refrigerator Alerting Solutions For Critical Environments
Author: Chris Miller

8. Extract Total Wine Data For Flavor And Ingredient Insights
Author: FoodDataScraper

9. How To Utilize Firebase Dynamic Links To Integrate Deep Linking On Ios?
Author: davidjohansen

10. How To Start Web Automation Testing Using Selenium And Python?
Author: davidjohansen

11. How To Perform Firebase A/b Testing On Ios?
Author: davidjohansen

12. Python Pandas Tutorial – A Simple Guide For Beginners
Author: Tech Point

13. Scrape Dubai Restaurant And Café Contact Info
Author: FoodDatascrape

14. Best Online Computer Store In India | Itgo - Itgadgets Online
Author: ITGadgetsOnline

15. Getir Grocery App Data Scraping - Benefits & Best Practices
Author: FoodDataScrape

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: