As news continues to trickle out regarding Meltdown and Spectre, KeepItSafe is taking proactive measures to protect our customers. These vulnerabilities date back nearly a decade and take advantage of an architectural design flaw in most modern processors–potentially allowing data to be exposed. Please note that at this time there is no evidence of successful malicious events exploiting Meltdown or Spectre.
In this age of ransomware, every potential vulnerability is scrutinized and then sensationalized. Even the Computer Emergency Response Team, or CERT, issued an early non-hyperbole statement saying there is only one way to fix the CPU speculative execution vulnerability: replace the CPU. After thoroughly dissecting the underlying potential for side channel attacks and reviewing the availability of remedies, CERT retracted their initial recommendation by providing measured advice to apply operating system updates and patches when available. This distinct change by CERT coupled with patch availability proclamations from various hypervisor, operating system, and chip manufacturers should help to level set concerns.
More information for the hardware vulnerabilities can be found here: https://meltdownattack.com/
The KeepItSafe cloud services team can confirm through our diligent analysis across all businesses, datacenters, and infrastructures, we are not aware of any instances suggesting that Meltdown or Spectre have been used to impact data in our infrastructure. In order to ensure workload and data protection security, our network engineers continue to remain vigilant in monitoring our systems and shall keep our platforms updated with the latest security updates available to us.
At this juncture, there are literally thousands of articles, blog posts and editorials detailing the causes, vulnerabilities, and repercussions of Meltdown and Spectre. We understand this can be a confusing time and want to reaffirm that KeepItSafe has not experienced any security or performance issues and that our network engineers remain in communication with technology vendors regarding latest patches as they become available. Due to the unique nature of Meltdown and Spectre, it will likely take time to fully understand the full scope of these vulnerabilities and for vendors to issue additional patches allowing improved exploit protection and optimized performance.
The KeepItSafe engineering team will continue to maintain a secure-first data protection approach and provide a non-disruptive cloud service experience. Outside of software updates for your own hardware, sound advice dictates to remain informed, practice security principles and adhere to data protection best practices. We shall provide further updates, as they become available.
Download a free Planning Guide
“Storage Switzerland details DR Planning from Good to Great”