In the wake of several high-profile security gaffes, Yahoo has announced new efforts to improve its security efforts. The company has hired security veteran, Alex Stamos as its new corporate information security office, a move that’s been praised by industry observers. Stamos has quickly gone to work implementing HTTPS encryption and encryption for data in motion, but has indicated that instituting better encryption will only be the first step in shoring up the company’s poor reputation around information security.
The bad publicity for the company began in October 2013, and even resulted in the company’s servers going offline for several days in December. The trend continued going into the new year, when news broke that the company’s websites were serving malvertisements. The company also admitted an organized effort to gain unauthorized access to Yahoo Mail accounts on January 30.
According to tech expert, Jason Hope, (https://www.facebook.com/jason.r.hope), a move to improve security measures could not possibly come soon enough for the struggling company.
“Over the past couple of months, it seems like it’s just been one thing after another for Yahoo,” said Mr. Hope. “We even saw [Yahoo CEO] Marissa Mayer making a public apology when the site went down in December.
Even people who don’t understand the basics of Internet security are getting the message that something’s not right with Yahoo, and that the company’s services may not be safe to use. If the new CISO can come in and really do something about the perspective that Yahoo just doesn’t care about security, it would end up being a tremendous boost for the company.”
According to Stamos, the first step in the process of addressing the company’s security woes is now complete, as all traffic moving back and forth between Yahoo data centers is fully encrypted, as of March 31. The company will now begin focusing its efforts on putting additional security best practices in place, and working with their business partners to ensure that data security will extend across the entire ecosystem.
Yahoo’s long list of recent security woes has even lead some Yahoo Mail users to publicly threaten to leave the company for competitors like Gmail on Yahoo forums. While the security has certainly lead to a lot of bad publicity for the company, some industry analysts have pointed out that the company may have viewed security as less of a priority due to all the other problems it was already facing. According to Jason Hope, Yahoo’s short-sightedness when it comes to information security has now come back to cause problems for the company.
“It’s well established that Yahoo has been dealing with a number of problems in recent months, the most important of which are losing users and losing revenue to some of their main competitors.
It seems like security was just something they put on the back burner, because they had so many short-term problems that they had to worry about first. Now, it seems like it’s finally dawned on them that security is an important part of making their company attractive to users in the first place. If they’re worried about losing market share, doing something about their poor reputation for security can only help with that.”
The security announcements come as Yahoo is starting to make a push into the small and midsize business marketplace, which makes it all the more important that Stamos’ plan succeeds. Business users have even higher security standards than consumers do, so it would take a serious improvement in the company’s reputation before many business users could feel comfortable about working with Yahoo in the future.
Other analysts have pointed out the fact that Yahoo’s move to address its security problems was actually relatively quick, for a company of its size. This may indicate that the company is moving in the right direction, and success will be dependent on how well the plan is executed.
“When security isn’t baked into the company culture as something that’s a priority from the start, it can take an extremely long time for a big company like Yahoo to change that. However, Stamos is someone that’s had success with implementing security measures before, so if he gets the right support from the higher ups at the company, there’s no reason he can’t start turning this thing around, slowly but surely.”
About Author: Amy Taylor is a business and technology writer. Amy began her career as a small business owner in Phoenix, AZ. She enjoys writing about business technology trends. When she isn’t writing, she enjoys hiking with her Alaskan Malamute, Sam.
