Most Read This Week
Security & Cloud Computing
The Upside of Heartbleed
How a global security crisis created a common litmus test
By: Ryan Barrett
May. 3, 2014 02:00 PM
There are two pieces of good news to come out of Heartbleed. First, we haven't heard of any significant security breaches, which mean that the industry as a whole is getting better at fixing problems as they arise.
The second is that, because Heartbleed presented every single cloud provider with the exact same challenge, it created an excellent global litmus test for crisis response. Everyone started from the same baseline, which eliminates the variability in evaluating their response.
If you're a customer of the cloud, you can review any provider's public response to Heartbleed to evaluate both their technical dexterity (how long did it take them to issue a fix?) as well as their communications and customer service (did their communications assure you that you were in good hands?). And if you're a provider, you can see how your response compared to the competition - and, if necessary, make changes.
Below are a few key crisis response elements that you should look for.
The communication does not necessarily have to include a comprehensive action plan. But it must be enough to assure you that the service provider is aware of the issue and actively working on a solution.
Who Is Doing the Communication?
Transparency About Impact and Potential Risks
Responsible Disclosure Policies
Sharing of Best Practices
Heartbleed may soon be history, but there will inevitably be another crisis. You should use the trail of communications left behind by Heartbleed as a litmus test for crisis response. If you're a customer, make sure that all your providers delivered the level of communications you needed to feel comfortable. If you're a provider, make sure that customer communications is as much a part of your crisis response processes as is your technical work.
Reader Feedback: Page 1 of 1
Subscribe to the World's Most Powerful Newsletters
Today's Top Reads