MIS4596-Tony Messina-Sec 002-Spring 2017

Cloudbleed – Cloud Security at Risk

Cloudbleed is one of the newest reasons to be cautious of cloud services and their security. Google’s Project Zero member Tavis Ormandy, found this security flaw and coined the name “Cloudbleed” after the 2014 security bug “Heartbleed” which affected millions of websites. Cloudbleed affects users of Cloudflare, a cloud solutions service. “Cloudflare provides essential internet infrastructure and security to millions of websites. On its website, Cloudflare lists Nadaq, Bain Capital, OKCupid, ZenDesk and Cisco among others under its “Trusted by” section.” (cnet Thankfully, Cloudbleed will not affect that many sites, but does affect major companies such as: Uber, Fitbit, OKCupid, and thousands more.  Although thousands of companies are affected by this bug, the interval of time in which the bug was active was only from February 13th to 18th. Information that could be at risk is: “username or a password, a photo or frames of a video as well as behind-the-scenes things like server information and security protocols. At this time, there is no indication that any of this information was accessed by hackers.” (cnet)

-Source: https://www.cnet.com/how-to/cloudbleed-bug-everything-you-need-to-know/

 

Questions:

1.) Will Cloudbleed make you think twice on what companies you do business with?/Do you ever think about a companies IT infrastructure when doing business with them?

2.) Do you feel that Cloudbleed will cause other companies to reevaluate their cloud services solutions?

5 Responses to Cloudbleed – Cloud Security at Risk

  • 1. It’s tough for something like this to affect my decision in doing business with a company. For the most part, large companies attract large customer counts because the services they provide are so unique. I think the general customer has to have faith that these companies will defend their personal information with the most cutting edge techniques available. As far as instances such as this leading to a major boycott, I just don’t see it. I do think about IT infrastructure for large companies periodically, but never in a strictly security sense.

    2. It absolutely should make other companies evaluate their cloud services. Whether or not they do it is a different question. I think Business Analysts will have to bring up the inherent risks to the brand image resulting from malicious attacks at least on a monthly basis, if not weekly.

  • After heartbleed I changed my passwords for sites that were listed as affected by heartbleed. As for cloudbleed, I’ll keep an on it and see if anything important I use pops up and change my password. So, it doesn’t really make me think twice because most of these sites are useful or needed in some way. I don’t think about a companies IT infrastructure when I determine if I’m going to use their site, but I often think about it for fun when a website does something interesting, like when Cloudflare started becoming more popular I wondered how it worked.
    I think it should make other companies think about their cloud security, really every company should be thinking about it. In four years we’ve had heartbleed and cloudbleed, so there’s bound to be another big breach in the next 4/5 years. They need to get ahead of it.

  • After reading this article, most defiantly i will be evaluating with which businesses i’ll be using and how secure they might say they intend to be. I don’t necessarily research what the business IT infrastructure before doing business with them because that’s out of my control. As long as all the features are aligned with my needs, i should believe the company will be good enough. After this incident, companies should defiantly reconsider all the different companies cloud services are safe enough for them to do business with so that this will not reoccur.

  • 1. I want to say yes, but honestly it doesn’t for me. An example not mentioned is do you feel less secure purchasing from a retailer that still has you swipe your card as opposed to having chip reading technology.
    2. I feel companies will want to gain extra comfort and assurance, but I still feel companies will utilize cloud technology as its the most efficient solution for the future.

  • 1.) Up until this point, I have never really been cautious when it came to the cloud computing companies I have interacted with. I didn’t even know about Cloudbleed up until I saw this article. I think it is pretty important that you look a little deeper into the security set in place by these companies before you use them. I think that I will be a little more cautious from now on when it comes to the cloud providers I use. All it takes is a tiny bit of information that should not have put out there and one hack to do a ton of damage.

    2.)I think that Cloudbleed will force other companies to step up their evaluate on their cloud services solutions, in particular their security. I don’t think that this bug will scare away companies from using cloud computing services, but it should definitely be a wake up call that there are issues they need to be looking out for.

Leave a Reply

Your email address will not be published. Required fields are marked *