The Heartbleed vulnerability is less of a game-changer and more of a reminder that online security is precious and vulnerable. There have been major breaches before and there will be again. The question is: will your data center be ready to handle the next breach? There is no real online security without a response plan to fall back on when, not if, security is breached.
Perhaps the most damning blow to the idea of flawless online security came from the revelation that some government agencies, US-based and otherwise, had used the vulnerability for the purposes of reconnaissance on citizens. More than ever, the proper response to security is not to try to build something impenetrable, but to have a plan that keeps data, even once accessed, from being able to do much damage.
Possible Solutions
Voices online, including white-hat researcher Moxie Marlinspike, are saying that the only real way to keep this kind of vulnerability from becoming a massive breach is to get rid of the plain-text internet entirely and make HTTPS the standard. Encryption like this puts another barrier between the data and those who would seek to compromise it by attacking exposed risk vectors. There are downsides to this arrangement, however, including the increased cost of using SSL and the difficulty of putting every small website through the unique certificate process that SSL requires.
Another idea for increased global security is called forward secrecy, which works on a principle similar to the popular mobile app Snapchat: once you're done with a session, your key disappears. This makes data much harder to break into once it has been taken, so that anyone who wanders off a server with a load of encrypted information is much less likely to find a way to read it.
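To make the forward-secrecy idea concrete, here is an added Python example that is not part of the original article: a toy Diffie-Hellman exchange run once with long-term keys and once with per-session keys that are deleted afterwards, followed by an attacker who recorded the traffic and later obtains the server's long-term private key. The group parameters, key sizes and function names are constructed for illustration only.

```python
import hashlib
import secrets

# Toy group parameters, constructed for this example only. Real deployments use a
# standard 2048-bit+ MODP group or an elliptic curve (e.g. TLS ECDHE cipher suites).
P = 2**127 - 1   # prime modulus
G = 3            # generator

def keypair():
    """Generate one Diffie-Hellman (private, public) pair."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def derive_key(my_priv, peer_pub, transcript):
    """Session key = SHA-256(shared secret || public transcript)."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big") + transcript).digest()

def static_session(server_priv, server_pub, client_priv, client_pub):
    """No forward secrecy: the long-term keys alone determine the session key."""
    transcript = b"static|" + server_pub.to_bytes(16, "big") + client_pub.to_bytes(16, "big")
    return derive_key(client_priv, server_pub, transcript), transcript

def ephemeral_session(server_pub_lt):
    """Forward secrecy: fresh keys per session, private halves discarded afterwards.
    The long-term key would only sign the exchange (signature omitted in this toy)."""
    s_priv, s_pub = keypair()
    c_priv, c_pub = keypair()
    transcript = (b"ephemeral|" + server_pub_lt.to_bytes(16, "big")
                  + s_pub.to_bytes(16, "big") + c_pub.to_bytes(16, "big"))
    key = derive_key(c_priv, s_pub, transcript)
    assert key == derive_key(s_priv, c_pub, transcript)  # both sides agree
    del s_priv, c_priv   # "your key disappears": only public values remain
    return key, c_pub, transcript

def offline_attack(server_priv_lt, recorded_client_pub, transcript):
    """Attacker replays a recorded exchange using a server key stolen later."""
    return derive_key(server_priv_lt, recorded_client_pub, transcript)

def demo():
    """Return (static_key_recovered, ephemeral_key_recovered)."""
    s_priv, s_pub = keypair()   # server long-term key
    c_priv, c_pub = keypair()   # client long-term key (static mode only)
    static_key, static_tx = static_session(s_priv, s_pub, c_priv, c_pub)
    eph_key, eph_c_pub, eph_tx = ephemeral_session(s_pub)
    # Later the server's long-term private key leaks (e.g. via a memory disclosure
    # bug like Heartbleed); the attacker also holds a recording of both sessions.
    return (offline_attack(s_priv, c_pub, static_tx) == static_key,
            offline_attack(s_priv, eph_c_pub, eph_tx) == eph_key)
```

Calling `demo()` returns `(True, False)`: the recorded static session is fully readable once the long-term key leaks, while the ephemeral session stays unreadable because the only secrets that could unlock it were deleted when the session ended.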
Response Plans
Your data server needs to be able to deploy patches and updates remotely and with little effort. Much of responding to security breaches requires timely, fast-acting responses to severe problems. Using not only encryption but additional security products is highly important. Anyone who relies on your network for security is going to feel betrayed when their privacy is broken by a hack. A script for what to do and how to break the news to customers quickly and clearly is the only way to keep and/or regain trust in the wake of a security breach.
Make sure that all of your employees, not just those who are involved with security, understand security risks. The human element is commonly the most easily compromised link in the chain, and workers are regularly bamboozled into giving out critical information. If they are well-trained in security, though, they can be a strong line of defense that actively upholds your network's security.
Google is a good case study in responding to security breaches correctly: it quickly patched its platforms, immediately educated the public on the threat, and recommended security fixes for them.