The average company used 279 services vulnerable to Heartbleed, and these services spanned all major SaaS Security categories.
1. Companies uploaded, on average, 579.9 GB of data to these services
2. One company had uploaded over 33.9 TB of data to affected services
Heartbleed was patched relatively quickly, with most cloud providers fixing their services within 48 hours. Despite the rapid response, companies have to assume that all the data uploaded to these services could still be compromised. The volume of that data is staggering. A finance executive we spoke with in the aftermath of Heartbleed said he received emails from 13 cloud services that week notifying him they had been affected. The problem isn’t limited to finance. The companies impacted by the use of Heartbleed-vulnerable cloud services span industries including manufacturing, media and entertainment, insurance, energy, and healthcare. When you look at the volume of data that was affected, it can be challenging to understand what the impact was.
In response, companies storing data in affected services have taken steps to remediate the damage. Skyhigh customers can view Heartbleed-vulnerable services in the Global Registry by going to the Discover menu and following these steps:
1. Click “Global Registry” in the Discover menu
2. Open “Service Risk” by clicking the up arrow to the left of that section
3. Scroll down to the Security category and view “Susceptible to Heartbleed”
One positive result of Heartbleed is the renewed focus on underfunded but critical open source Internet infrastructure. The Linux Foundation recently raised $3.9 million from cloud heavyweights including Amazon Web Services, Cisco, Dell, Facebook, Google, IBM, Microsoft, Rackspace, and VMware to fund open source projects including OpenSSL. That will help expand the team (currently only one full-time developer) so that this critical piece of infrastructure can be maintained and secured.
One thing experts can agree on is that there are more vulnerabilities as serious as Heartbleed in the wild, yet to be discovered and publicized. Given the nature of such vulnerabilities, companies can only react once they become aware of their exposure. Skyhigh is offering a free Heartbleed Audit, detailing all services in use that were or are still vulnerable to Heartbleed. Email us at email@example.com for more information. Since 100% of companies were impacted in some way, Skyhigh has also developed a guide with steps IT Security teams can take to remediate the damage from Heartbleed.
Skyhigh Networks, the Cloud Security Services company, enables companies to embrace Cloud Security Services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, healthcare, high technology, media, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a "Cool Vendor" by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital. For more information, visit us at http://www.skyhighnetworks.com/saas-security/ or follow us on Twitter @skyhighnetworks.