
CloudCentral Acquires Software Defined Storage IP

This is a crucial addition to CloudCentral’s current storage offerings and introduces the Software Defined Storage business model, which separates ownership of hardware and software, allowing customers a far wider choice of software vendors.

The Heartbleed SSL Vulnerability

In the last few days, the Heartbleed OpenSSL security vulnerability has been receiving a lot of attention. It has affected an unprecedentedly wide range of organisations including Google, LinkedIn, Facebook, Twitter and Adobe.

We have ascertained that CloudPlatform internal services (i.e. virtual routers) are not affected by the SSL vulnerability.

We urge you to check your own cloud servers for the vulnerability as well. If your systems are vulnerable, we recommend urgently updating to the latest version of OpenSSL to patch this bug.

You can easily check whether your server is vulnerable using an online tool.

Technical details

The official security advisory on the OpenSSL bug, including a detailed listing of affected products and remediation procedures, is available from NCSC-FI.

For detailed instructions on patching systems affected by Heartbleed, customers should consult the documentation associated with their product. When patching systems, we recommend customers obtain OpenSSL 1.0.1g from trusted sources such as the developer's or vendor's website, or the OpenSSL software repository.

Top 3 ways to make sure your data is not private or secure

Do you believe that ignorance is bliss? In IT, it simply means not fully understanding the risks you are exposed to and not being fully aware of best practices to reduce risks. Critical data getting into the wrong hands is so common it’s hardly newsworthy anymore. As a cloud provider that focuses on Secure Australian Cloud, we decided to make a top 3 risks list.

1. Host your data in the USA or with a USA-owned company

Storing your data in the US or with a US-owned company is the most sure-fire way to make sure your data is not private. The recent leaks from Edward Snowden on the NSA have made that very clear. Even encryption was easily bypassed within the largest American organisations (Microsoft, Google, Yahoo, etc.), and the agency simply uses a dragnet approach, taking everything it can get its hands on.

In an attempt to calm the public outcry in the USA, the NSA stated: “NSA applies Attorney General-approved processes to protect the privacy of U.S. persons — minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination.” In other words: no restrictions or boundaries if you’re not American.

As Neelie Kroes, Vice President of the European Commission, put it: “Why would you pay someone else to hold your commercial or other secrets, if you suspect or know they are being shared against your wishes? Front or back door – it doesn’t matter – any smart person doesn’t want the information shared at all.” We couldn’t put it better ourselves.

2. Don’t apply the latest patches and best practices

Clearing up a security misconception

There are many different types of cloud computing, and the simplest and most well-known example is free, public email such as Hotmail or Gmail. There have been plenty of examples in the news lately of misuse of these free services, and accounts being hacked. One of the most prominent examples was when the email account of Sarah Palin, the former US Vice Presidential candidate, was hacked.

There is a big difference between using a free public email service and deploying secure email in the cloud. Almost all security experts caution against using these free services for anything that could remotely be sensitive, and experts on corporate policy say that use of them should be prohibited in the workplace. Using the cloud to run your own virtual corporate email server, on the other hand, is just as secure as running it in-house.

Two things govern security in a hosted, cloud-based email configuration: the security afforded by the cloud provider, and your own internal corporate policy. Policy item number one should be that employees use only corporate email accounts for business, and not the free services, which typically do not include the same robust security practices that are offered by cloud providers like CloudCentral.

Secure email is a serious business. Smaller companies in particular often lack the specific expertise required to run a safe and secure internal email server; in this case especially it is advantageous to move your corporate email server to the cloud to take advantage of the cloud provider’s existing security infrastructure, their own in-house talent and expertise, and to make use of the provider’s 24×7 maintenance and administration facilities.