Telstra and Privacy in the Clouds
By now you have probably heard about the major Telstra Bigpond outage that occurred this weekend.
On Friday, a user searching for contact details for Bigpond stumbled across a website, which should have been internal only, providing access to the details of all customers on bundled packages (i.e. phone/internet), including some account passwords.
After Telstra was notified, access to the site was immediately shut down.
From Friday until Sunday, up to 1 million customers have been unable to access Bigpond account details or emails, and over 60000 users have had their account passwords reset.
Welcome to what I like to call "Cloud and present danger". These days, as more companies move applications online or into the cloud, it is important to consider the ramifications that those decisions may have. Previously we would have used virtual private networks or dedicated internal networks to access critical customer portals and information. As cloud-hosted applications have become the norm, I have seen a shift in the industry to using secure web portals rather than VPNs or private networks to provide information to other sites.
Why? It is easier to implement, it works from anywhere, and it can be faster to activate new stores and provide access to staff or customers. Unfortunately, it also means there is no second level of protection: if there is any breakdown in security, such as lost passwords, a failure of secure logins, or an inadvertent change in settings by an administrator, all of your company's critical data is instantly visible online. In this case it could have been as simple as a system administrator disabling password security to test a feature, which has caused this massive breach.
I am constantly surprised companies haven't considered this, especially in the light of some major privacy breaches in the last year. Protecting your data behind a VPN or private network ensures that even if a fault leaves all your information visible or insecure, that information is only exposed within your corporate network, not to the outside world.
This does not necessarily apply to all applications and services but there are definitely some critical considerations when you are dealing with the personal information of your customers that all too frequently seem to be disregarded. As we move more of our personal information online, including health, the benefits and risks are only going to make this a more pertinent issue.
If you are one of the affected Telstra customers, your services should be restored this evening, but expect some changes in light of this latest breach.
If you are a company owner considering moving your business-critical applications into the cloud, think security. Your customers will thank you later.
Last Updated (Thursday, 29 December 2011 08:32)






