Datacastle prides ourselves on our strong, thorough, and multi-layered approach to security. We have been asked by many of our partners and customers in the past week about any vulnerabilities Datacastle RED has to the Heartbleed bug. We are pleased to report that Datacastle RED partners and customers are not exposed to the Heartbleed vulnerability.
What is the Heartbleed bug? The Heartbleed bug can be found in OpenSSL v1.01 and later. SSL is commonly used for secure, encrypted communications with web servers, especially when performing username/password exchanges. OpenSSL is commonly used with Apache web servers for secure communications. The Heartbleed bug potentially makes it possible for hackers to retrieve the SSL encryption keys from the web server, thus making encrypted information such as passwords vulnerable.
Why are Datacastle RED partners and customers not exposed to the Heartbleed bug? Datacastle RED uses SSL for secure, encrypted interactions with the Datacastle RED vault. Datacastle RED does not use OpenSSL. Datacastle RED uses Microsoft IIS web servers and Microsoft has made it clear that Azure and their IIS SSL technology do not possess the Heartbleed bug found in OpenSSL.
But what if you don’t use Datacastle RED? If you use some other endpoint data protection solution, we encourage you to communicate immediately with your vendor and determine if you or your users have been exposed to this vulnerability. Many online cloud backup solutions use Apache web server technology and potentially carry the Heartbleed vulnerability as a result.
For more questions about endpoint data protection, the Heartbleed vulnerability and how to avoid it using Datacastle RED, feel free to contact us at www.datacastlered.com.