I have been receiving questions from a number of customers about the “Heartbleed” vulnerability that has been widely reported by the media. Many customers are concerned as to whether they are at risk by using cloud services from Microsoft and other providers. There a reasonable concern with any IT service when it comes to security. Your provider should be able to answer simple questions about whether a service is vulnerable or not to Heartbleed and what steps are being taken to mitigate the risk.
Let’s take a moment to discuss what “Heartbleed” actually is. It is a flaw in the OpenSSL encryption software library used by many websites to protect customers’ data. The vulnerability, known as “Heartbleed,” could potentially allow a cyberattacker to access a website’s customer data along with traffic encryption keys.
After a thorough investigation, Microsoft determined that Microsoft Azure, Office 365, Yammer and Skype, along with most Microsoft Services, are not impacted by the OpenSSL “Heartbleed” vulnerability. Windows’ implementation of SSL/TLS is also not impacted.
If you have any concerns about the security of a cloud service, please contact Kloud Solutions at the following URL: