Meltdown and Spectre

Jan 11, 2018

If you’re responsible for your company’s website, you’ve undoubtedly heard about Meltdown and Spectre, the major flaws recently found in almost all computer processors built in the last 20 years. And, you may have first learned of Meltdown and Spectre on the evening of January 4th, when Amazon, Microsoft, and Google pushed out patches to mitigate against 1 of the 2 flaws, and temporarily brought down your site. (Living under a rock? Read this excellent recap from the New York Times.)


Well, the good news is there’s already a fix for the Meltdown exploit though it may result in a 20-30% decrease in performance (Note, both Google and Amazon say the performance decrease predictions are “overblown”).


The bad news: the long term effects will not fully be known for years.


So, how does all of this affect the future of the cloud?

Amazon, Google, and Microsoft are the leading cloud providers in the space, and since they have almost limitless money, it’s hard to fathom these security issues not getting resolved. That said, the Spectre exploit is only going to be truly resolved with a new chip redesign and at best, that is years and years away.


What will most likely dampen the almost endless cloud party is when corporations no longer show their willingness to join or stay at the cloud party. In the last few years, these risk-averse companies have put a lot of faith into the cloud and transitioned a good portion of data and programs over. The Meltdown and Spectre flaws will most certainly now give companies pause before moving anything over. And, it will make those corporate entities already in the cloud rethink their strategy. Confidence is what has helped the cloud grow, and as of last week, that took a hit, a big one.


What can you do?

If you’re in the cloud with Amazon, Microsoft, or Google and using their out-of-the-box operating system images, you’re all set with Meltdown. Those providers issued security patches on January 4th. If you use any of those services, but are using a custom image, it’s up to you or your technical partners to update that image.


If you have your own internal network and hosting, make sure to patch your systems with released security fixes and continue to make your entire infrastructure is as secure as possible.