Well, it's been a tough few days for some organisations, large and small, following the announcement about the ‘Heartbleed bug’. From Yahoo down, organisations that you think could be trusted have been left open to exposure, and that could have serious consequences for you personally as well as your business.
As you might imagine, with our own pam service being the only pan-government accredited IL3 restricted* data platform, we were fine and all customers can sleep easily.
Information security is a tough challenge, but with the growing emphasis on serious organised cyber crime, the sort of threat posed by bugs and poor practices is only going to increase.
Remember to check that your cloud service provider has got the right infrastructure and standards in place to protect you. At a minimum you should look for an ISO 27001 UKAS accreditation (not all ISO 27001 certifying bodies meet the same standard) for the application or platform provider, as well as the data centre itself. Some cloud vendors rely on their data centre provider for accreditation and represent it as their own – this is dangerous and may leave you with a vulnerable product and supplier organisation.
We actually did our whole ISO 27001 programme, and the higher-level government standards needed to hold sensitive government information, using pam too. It’s easily repeatable now and fit for sharing, so by all means contact us if you would like to see how we did it or want to achieve the standard yourself. Ask your service provider to show you how they meet their standards beyond the certificate on the wall (if they have one), as you want to ensure the integrity of their information security management system.
Your heart won’t bleed if you choose pam, but you might want to do more than change your password if your service provider is not meeting the minimum standards for information security.
*Government protective marking changed this week and we shall be writing about that next, as it’s more good news for pam customers ;)