The Heartbleed bug has generated a lot of catastrophic commentary and reverberating repercussions since it was publicly disclosed on April 7.
‘Catastrophic’ is the right word,” wrote Internet security expert Bruce Schneier on his blog. “On the scale of 1 to 10, this is an 11.”
That intensity of reaction is not surprising given estimates that around half a million of the Internet's secure web servers (some 17 per cent) were believed to be vulnerable to attack due to Heartbleed, in addition to countless embedded devices such as firewalls and routers.
An avalanche of media coverage means anyone affected has likely heard of the problem. Does that mean Heartbleed is yesterday’s story?
Absolutely not. Heartbleed remains very much a live issue and one that will not be fixed quickly.
Are you thinking of moving to Google Apps or Office 365? Or do you already use Dropbox, Box, Webex, Salesforce or one of the many Cloud services now on offer? Or do you want to know why you should even care?
Cloud providers can offer more flexible services at a cheaper price than most enterprises can achieve by amortising their equipment and maintenance costs over a large number of customers.
More important than lower prices, Cloud services promise to improve productivity. Users or business units can receive required capabilities “now” rather than wait for months for IT to design the answer to their wishes.
You also receive fault-tolerance, disaster recovery and uniform access from many device types – all contributors to productivity by helping your employees get their jobs done, whenever and wherever they are.
Cloud services can also improve productivity in the IT department by freeing up IT staff to focus on solving company-specific problems rather than looking after consumerised infrastructure such as mail servers, file repositories, CRM systems and the like.
Few companies gain significant competitive advantage by having a “really well set up mail server” – they’re a dime a dozen, yet expensive to maintain internally.
So why burden your IT staff up with mundane tasks when they could be designing business-specific process improvements and extracting business intelligence that will help your bottom line?
While moving to the Cloud offers clear productivity benefits, there are pitfalls to avoid in order to reap these benefits fully.
It’s time we took a fresh look at the core problems bedevilling our enterprise security.
Do we only need to guard against the bad guys trying to hack our infrastructure? Or do we need to defend ourselves from the bad habits of the good guys who manage that infrastructure?
The bad guys are a given: Their hack attempts are driven by every motivation from greed to ego. But the bad habits of the good guys – your beloved systems administrators – are another matter.