When security vulnerabilities strike in the cloud, it's important to make sure there is a playbook in place to know how to respond. Cloud vendor Rackspace has seen its fair share of security incidents, including the Heartbleed security vulnerability, which left the entire IT industry scrambling back in April.
In a video interview with eWEEK, John Engates, CTO of Rackspace, explains how his company dealt with Heartbleed and what the Rackspace playbook is for dealing with security incidents.
As was the case for most organizations, Engates noted that Rackspace had no prior knowledge of Heartbleed before it was publicly disclosed on April 7. He explained that once Rackspace becomes aware of a security vulnerability like Heartbleed, the first step is to figure out how big the risk is to the company and its customers. The next step is to have a proper communications plan to explain what's going on.
"We are very proactive in terms of getting in front of these things, and we want to inform our customers as quickly as we can," Engates said. "We don't want to incite a panic; we want to make sure that what we lay down is a very structured plan that our customers can understand quickly."
In an event like the Heartbleed vulnerability, Engates said that a key priority is to get as much of Rackspace's own infrastructure fixed rapidly. Lessons learned from the experience of fixing Rackspace's infrastructure can also be passed on for customer environments.
"Because of Rackspace's depth in managing customer environments, we were able to take on the burden of not just patching our own stuff but actually taking a proactive role in helping customers," Engates said.
The playbook for what to do in the event of an emergency at Rackspace is one that is constantly evolving as different threats emerge.
"The playbook is outlined in a certain level of detail, and then we layer in the specifics," Engates said. "The more times you do it, the better the playbook gets."
Watch the full video with Rackspace CTO John Engates below:
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.