Why the OpenSSL vulnerability should convert you to the Cloud or help mature your incident response program

Earlier this month OpenSSL released a bug advisory about a 64kb memory leak. Since the announcement, there has been a lot of buzz around the underground regarding the exploitation of this vulnerability. Malicious actors have been actively leaking data, using one of the several publicly available proof-of-concept programs to exploit the disclosed bug. This bug has created a frenzy of system patching that has impacted all industries. System administrators have been busy patching on top of their day-to-day duties.

While analyzing the effects of this bug and speaking to people in the IT world, we have found that there are issues with inventory management and with understanding the risks of systems that have not yet been discovered. Enterprise data center personnel have been busy trying to patch the systems they know about and running discovery tools to find the ones they didn’t know existed in their environments. This has always been an issue when working in IT. There are always rogue devices that are set up by various groups to accomplish tasks that are either outside the IT purview or something that IT can’t support. This is why there are “shadow IT” deployments in the cloud: they are flexible, and the ease of setup and use enables users to do work that is sometimes outside the scope of IT.

This gives us an interesting opportunity to compare the response to the OpenSSL bug by cloud and on-premise data center personnel. Within hours after the bug was announced there were several announcements by the major service providers (Amazon, Microsoft, Google, Rackspace) that the patches had been deployed in their environments. Since corporate entities do not publicly announce when they patch, we will have to rely on private conversations with some of our fellow security personnel and my 20 years in the IT industry. There are some companies that, even a week or two weeks after the release of the bug, still have not patched all of their systems. While hosting providers have completed patching their systems across data centers around the world, corporate patching across one or two data centers is still pending. Now keep in mind this does not apply to all corporate environments. There are several that have patched and have been able to keep up with the attacks using the exploits for this vulnerability and others. If you have not had the opportunity to keep ahead, now is the time to have your company invest in the people, process and technology it will take to give you a fighting chance against malicious actors that sometimes have unlimited resources.

If you have been considering moving to the cloud, security is not a reason to avoid making the move. As we have seen, service providers were on top of patching the OpenSSL bug and have teams of people dedicated to the work at hand. This is where you as a cloud customer need to keep in mind the shared security model. The providers have a responsibility to maintain and patch the foundational services, networks and hosts that they manage. You as the customer are responsible for patching the application layer and certain functions of the host and network. Remember, cloud is a shared responsibility, but as we have learned, it is a service provider’s business to stay ahead of the attacks and patch appropriately, whereas IT may not be your primary business, which can lead to delays or a lack of knowledge of the latest exploits and vulnerabilities. The graph below is a good representation of the shared responsibility in the cloud. Read it, learn it and live it to understand the shared security model and maintain the utmost security for your presence in the cloud.