First of all, I am not a highly technical person. I don’t speak, write or generally understand “code”. I love technology for what it does, and I seek to understand where the horizon line begins and ends with all things digital.
That said, when the media rant started earlier this week around the “HeartBleed bug”, I casually picked up the phone, called our CTO and asked him to explain to me, in layman’s terms, what all the hullabaloo is about. He did, and I went on about my business.
My initial concern was all the engagement sites that our firm hosts and manages for our growing list of global clients. Once I was told that a comprehensive audit of systems and servers had been completed, and there is no potential risk or exposure to any threat for our clients, I went on to my next agenda item. It is nice to not have to be concerned about this type of unwanted intrusion.
Then I started thinking about other companies in our space, players who lack the capital or technical wherewithal and are fully reliant on the “cloud” for their hosting. There are a lot of agencies, some not very well funded, some concerned with their current “burn rate” of their last round of venture capital, that are totally reliant upon third-party (cloud) providers for their technical assets. They are far more vulnerable to intrusions, malware, viruses, etc., and I realized how fortunate we are to have the control that we do over our customers’ data.
I was not surprised to hear that the largest cloud providers, like Amazon Web Services (the largest cloud provider), Google and others, were scrambling to repair their systems, to apply the patches, although they may not know for some time whether or not they had been breached. Cloud-based companies that manage sensitive employee data (like Globoforce or Achievers, who come to mind as two smaller players who could possibly lack adequate financial resources to provide effective security for their customers) are incapable of directly protecting their customers from threats that creep in a side door of their cloud providers. Their assurances must come from a third-party provider. Employees or consumers will find themselves having to wonder if their personal data has been abducted, and will, minimally, have to reset passwords once the “all clear” is sounded.
Wonders never cease. Other than hoping to play up some sort of “cool factor”, one has to wonder why it would be intrinsically advantageous to broadcast that your most sensitive data resides in an environment that is continually under threat of intrusion, compromise, or theft.
Well, it is a beautiful day here in the Twin Cities, and I intend to make the most of this weekend. The weather is warming up, soon the ice will be off the lake and the boat will launch. And for our clients at least, there is not a dark cloud in the sky. Perfect.