Cloud9 Heartbleed Bug Update
By now you have heard of the Heartbleed Bug and the information security risks that are associated with it. Cloud9 Real Time is taking this threat super-seriously, and as such we wanted to provide you with comprehensive details about the security measures that we have in place to protect your valuable data. We also want to provide you with best practices for your other online activity that may help in limiting your personal vulnerability to the Heartbleed Bug:
Q: Is my data stored on Cloud9 servers vulnerable to the Heartbleed Bug?
A: No it is NOT! We have confirmed with our SSL issuer that our SSL certification and servers are not at risk. ONLY web servers and companies utilizing OpenSSL and/or running a Linux OS are at risk, and Cloud9 was NOT built upon and has NEVER used OpenSSL for any of its SSL Security and has NEVER utilized a Linux OS server.
Q: What security measures does Cloud9 have in place for ensuring my data’s security?
A: Other than not having any of our servers utilizing OpenSSL in any way, Cloud9 employs various and multiple firewalls and security protocols at several levels of our infrastructure. Additionally, the use of an automated time-out policy when users become idle in the Cloud as well as requiring multiple logins and encrypted passwords before being able to access data also serve as productive security measures. To go a step even further into ensuring your security, we have reset the access information for all of our employees to ensure that any staff member accessing any part of your account or data is independently secure from both an infrastructure and user perspective.
Q: What can I do to avoid possible exposure to the Heartbleed bug?
A: Since the Heartbleed bug is tied to visiting and accessing websites on the internet, we recommend that users do not access the internet for non-business related activities while logged into the Cloud, and limit their Cloud use for business matters only.
Cloud9 recommends that clients change their passwords to any websites that contain sensitive or personal data, and ensure that their login and/or passwords are not being saved or cached by that website or its servers. That said, it is best to wait a few days until most major and minor websites using the OpenSSL have added their patch. Be diligent to NOT change your password to a vulnerable site UNTIL that site has installed it’s patch. Again, this applies to websites using the HTTP‘S’ designation and utilizing OpenSSL and/or Linux servers.
Having unique, encrypted passwords for each individual site you visit is always a best practice and we urge you to implement this strategy, regardless of threats like the Heartbleed bug. We understand that many major websites are currently going through a patching process to update their SSL certifications, so you may want to update your passwords to critical sites again in about 10 days as well to allow the updates to be put in place. Even for sites that do not contain personal information, it may be a good idea to change your passwords to ensure that all measures have been taken.
At Cloud9 security is our primary focus, always!