Brightidea’s Response to OpenSSL Heartbleed Vulnerability

 

Heartbleedicon_checkmarkFirst and foremost, we’d like to inform our customers that at no point in time has data stored with us been vulnerable to the OpenSSL Heartbleed bug. At Brightidea Inc., we take the responsibility very seriously of ensuring the confidentiality and integrity of the data our platform is entrusted with hosting.

Upon learning of OpenSSL vulnerability on April 7th, we initiated an audit of our systems. Since our usage of OpenSSL is limited, we completed this audit in less than an hour. The result of the audit showed that we were not using any versions of OpenSSL affected by the vulnerability.

In addition to our audit, we reached out to our hosting provider Dimension Data. Dimension Data’s Cloud Business Unit security team had also immediately investigated the potential implications of this vulnerability. They concluded that its Cloud Business Unit, used for hosting by Brightidea, does not utilize the vulnerable version of OpenSSL in the underlying infrastructure and cloud control layers across all data centers.

We’d also like to take this opportunity to share how we are continuing to improve our encryption policies by reducing dependencies solely on network layer encryption such as SSL and TLS. Specifically, in addition to network encryption, our online backup data is also AES 256 bit encrypted before it’s transmitted by the backup software. This means that even if network encryption was compromised, as in the case of the OpenSSL Heartbleed bug, data stored with us will still be safe.

We’ll continue to monitor the situation ongoing just as we have been for all security alerts.

Please don’t hesitate to contact us us if you have any questions about this issue or how we continuously improve on our security and encryption policies.

Sincerely,
Lou Ostdiek
CTO Brightidea