How Meltdown & Spectre underline the benefits of being on the Cloud
Security researchers from both academia and commercial organisations have identified a series of critical vulnerabilities in CPU’s from all the major chip builders - Intel, ARM and AMD. Details can be found here https://meltdownattack.com/.
The first - now known as Meltdown (CVE-2017-5753, CVE-2017-5715) - predominantly affects Intel CPU’s (AMD are not affected and only one processor design - the Cortex-A - from ARM is susceptible). The vulnerability is linked to a ‘clever’ feature called out-of-order execution however it also potentially exposes something called kernel memory - which typically holds sensitive information (including cryptographic keys, passwords etc.).
The second - now known as Spectre (CVE-2017-5754) - affects a much wider series of processors and also allows applications to extract information held in kernel memory (as described above).
What does this mean to you?
These issues ‘affects potentially all out-of-order execution Intel processors since 1995, except Itanium and pre-2013 Atoms. It definitely affects out-of-order x86-64 Intel CPUs since 2011’ - http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
This means that servers located in the cloud and, more importantly, your data centre are affected.
I emphasise your data centre because AWS (and other cloud providers) have already begun patching, and will likely have completed this on a global scale before lunchtime today (04 Jan 2018). Will you be able to say the same for your on-premises systems?
Arcus Global, as an AWS MSP partner, has already contacted our customers to let them know of potential service interruptions and is monitoring all systems closely to make sure that they don’t adversely impact services/applications.
Will there be any side effects?
Initial reports indicate that there could be anywhere from 5% to 30% performance reduction depending on the workload.
In an on-premise data centre that presents a potentially serious problem - you cannot simply dial up more performance. You have a limited set of physical CPUs. They only operate as well as you can physically cool them. Taking a 30% performance hit in that environment could have significant impact on business operations.
In the cloud this is far less of an issue as you can simply increase the size of the compute instance to account for any performance impact. A 30% performance impact can be mitigated for a 1-2% cost increase - in minutes.
In a traditional data centre environment it would take far longer, even if your suppliers can get you a new piece of tin in 4 hours you’re still looking at that being ~80 times slower than being in the cloud. Oh, and of course do you have the power/cooling overhead required for faster hardware?
What should you do?
In situations like this cloud based systems will be the least affected and most secure. Period.
Combine a fully audited Managed Service Provider like Arcus Global with AWS, the world’s leading cloud infrastructure provider, and you and your organisation can be assured that when (not if) issues like this arise again, you will be in the best hands.