Recent VPN hacks reveal transparency issues within the industry and its supply chain

by usscmc
December 23, 2019

Consumers are no doubt becoming increasingly aware of the safety and security of their online activity after many highly publicized studies have shown an uptick in online data theft. According to the Federal Trade Commission, there were 3 million reports of identity theft alone in 2018.

Even though these threats, and the rash of data breaches, continue to grab headlines, consumers are still connecting to public Wi-Fi and joining other unsafe networks while traveling. More cautious or tech-savvy individuals know to turn to virtual private networks (VPNs) as a way to safely connect online, and as VPNs become more mainstream, some project the VPN market can grow to more than $35 billion by 2022. We’ve even seen some vendors capitalize by creating flashy TV commercials that insinuate that they are consumers’ digital doorman.

However, as these companies look to pull back the curtain on the nefarious digital underworld, I can’t help but wonder if the curtain has been sufficiently pulled back on their own operation. I don’t mean this as if they, too, are digital thieves taking oblivious consumers’ data (though some very well do sell your data to third parties), but instead question whether the VPN industry has been transparent about its own security protocols.

It wasn’t that long ago that NordVPN, probably the most well-known vendor, was hacked. An attacker broke into one of its servers in an overseas data center by penetrating a surprisingly insecure remote management system left by the “unnamed” data center provider. 

NordVPN became the latest high-tech hack, and there’s great irony in a security system being insecure, but that’s not the egregious issue here. It’s also not the fact that the breach went unnoticed for a month, though that one does sting a little extra. The real warning here is that NordVPN not only didn’t know the system was being used to support its operation, but it also had no idea the thing even existed. Think about that for a minute: a data-security vendor engaged with a core partner and didn’t audit all of the potential vulnerabilities within its partners.

Was NordVPN just an industry anomaly that had a single lapse in judgement? Nope, we came to find out that this vulnerability not only compromised NordVPN, it also exposed others like TorGuard. Now we have a scary trend. There are already a lot of sketchy VPN providers marketing to a consumer base that is still largely unfamiliar with the technology — including those that may be willing to share your data with authoritarian governments. But now even the most “trusted” have proven that they, too, have either lax or downright sloppy protocols in place to mitigate all points of potential attacks.

Why is this such an issue? The whole situation exposes a huge question mark around who is auditing these VPN players’ infrastructure. It also completely exposes the lack of transparency that the VPN industry has around its supply chain. Even in the wake of the NordVPN hack, the guilty data center provider was left unnamed.

When I was managing infrastructure at Google to make sure it all ran securely and efficiently, which included dealing with thousands of devices and partners, I experienced firsthand how difficult it was to have perfect visibility into the infrastructure supply chain. We went to great lengths — and had to invest a lot of resources — to map out every single integration, app and extension that our employees and partners used to do their jobs.

While not every organization has access to the same level of resources that I did at Google, many VPN providers claim to have all the best features to keep consumers safe (military-grade encryption, no logging, automatic kill switches, etc.). However, it’s all moot if they fail at keeping their servers secure. What the VPN industry seemingly lacks is a framework, infrastructure and process in place to understand the threats posed by all the vendors supporting them, including their vendors’ vendors.

There’s no doubt that it’s a hard networking challenge to solve, but it’s not without options. The supply chain and partner auditing issues are two of the reasons why I was attracted to blockchain-backed networking after leaving Google, because the blockchain developer community understands that transparency and auditing are paramount in an increasingly complex threat environment. Auditing might be a bit more straightforward because each supplier would record what they did and didn’t do on the blockchain while also signing in using their private key. In the NordVPN case, it could’ve allowed for a log of the administration tool left on the server, which might have been flagged if there was a review of the supply-chain history.
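The auditing idea above can be sketched as an added example (not code from the article or from any VPN vendor): each supplier signs its records with an Ed25519 private key, and a plain hash-chained log stands in for the blockchain ledger. The supplier, host and component names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Canonical bytes of an entry: fixed field order, covering the previous entry's hash.
const body = (e) => JSON.stringify([e.prev, e.supplier, e.host, e.action, e.component]);
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// A supplier appends a record of what it did to a host, signed with its private key.
function append(log, supplier, privateKey, host, action, component) {
  const prev = log.length ? log[log.length - 1].hash : 'genesis';
  const e = { prev, supplier, host, action, component };
  e.sig = crypto.sign(null, Buffer.from(body(e)), privateKey).toString('base64');
  e.hash = sha256(body(e) + e.sig);
  log.push(e);
}

// Review of the supply-chain history: verify the chain and every signature, then
// report components still installed on a host that the VPN provider never approved.
function review(log, publicKeys, approved) {
  const findings = [];
  const installed = new Map(); // "host/component" -> installing entry
  let prev = 'genesis';
  log.forEach((e, i) => {
    const key = publicKeys[e.supplier];
    const sigOk = Boolean(key) &&
      crypto.verify(null, Buffer.from(body(e)), key, Buffer.from(e.sig, 'base64'));
    if (e.prev !== prev || e.hash !== sha256(body(e) + e.sig) || !sigOk) {
      findings.push(`entry ${i}: broken chain or bad signature`);
    }
    prev = e.hash;
    const id = `${e.host}/${e.component}`;
    if (e.action === 'install') installed.set(id, e);
    if (e.action === 'remove') installed.delete(id);
  });
  for (const [id, e] of installed) {
    if (!approved.has(e.component)) findings.push(`${id}: unapproved, installed by ${e.supplier}`);
  }
  return findings;
}

// Constructed sample: one data center supplier, one rented server.
function demo() {
  const dc = crypto.generateKeyPairSync('ed25519');
  const keys = { 'datacenter-a': dc.publicKey };
  const approved = new Set(['os-image']);
  const log = [];
  append(log, 'datacenter-a', dc.privateKey, 'vpn-node-17', 'install', 'os-image');
  append(log, 'datacenter-a', dc.privateKey, 'vpn-node-17', 'install', 'remote-mgmt-agent');
  const clean = review(log, keys, approved);
  log[0].component = 'something-else'; // rewrite history after the fact
  return { clean, tampered: review(log, keys, approved) };
}
```

The review only sees what suppliers choose to record, so a log like this complements independent inspection of the hosts themselves.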

The bottom line is that it’s time these VPN vendors start minding their own kitchen before they burn the whole house down. It’s no longer enough to simply trust the VPN industry to disclose its supply chains and then assume it’ll self-police. If vendors want to truly provide the utmost transparency and lock down their infrastructure, then a good place to start is either making a commitment and investment in independent auditing or taking some cues from the vigilant blockchain community.

This article is published as part of the IDG Contributor Network.
