Wednesday, January 10, 2018

A New Year, and New Challenges for Cyber Security: Spectre and Meltdown

Jason Alexander, Director, IT Ops and Cloud
Cloud / Technology / Platforms

It’s a new year, and there are new challenges for security of computing environments. Are you at risk? If you have not taken specific action, then likely the answer is YES.

If you touch technology (I presume you do if you are reading this post), you have likely heard of the security vulnerabilities called Spectre and Meltdown circling in last week’s news. But you may still be wondering what it is. In layman’s terms, it’s a vulnerability affecting nearly every CPU (central processing unit) made in the last 20 years across platforms, from servers and laptops, to mobile processors. Whether you carry it in your pocket, wear it on your wrist, ‘write’ on it, or type on it – whether it’s on your desk, in your datacenter or in the “cloud” – it’s all vulnerable. Windows, Linux, UNIX, MacOS, iOS and Android (as well as Internet routers, switches and firewalls – though many of these are considered ‘closed systems’, so the threat is considered lesser) all run on these processors, and are susceptible. Essentially, the entirety of our worldwide computing power is, at its core, at risk.

This vulnerability exists, in varying degrees, in the CPUs from makers including Intel, AMD and ARM.  Given that this vulnerability is at the very core (pun intended) it is a BIG deal. It is akin to building a house: You can buy the finest furniture, put in the best appliances, and integrate all the latest in-home technologies – but if your foundation has flaws you are going to have problems. Cosmetics can’t fix foundational issues.

This is where a prescriptive 24x7 approach to systems management and monitoring comes in. When Microsoft unexpectedly accelerated the window with a communication that they were going to immediately begin rebooting virtual machines, the Rightpoint critical support team was ready and took immediate action to avoid service interruptions that would likely have come with automated random, rolling reboots, with comprehensive monitoring in place the whole while.

It’s a new year, and with it, we have this new security issue. As our technology gets more sophisticated, there will continue to be new vulnerabilities and threats uncovered. But in prescriptive terms, if you have a solid technology management plan in place, then the security and operational plans don’t really change. We recommend that you 1) continue to stay informed, and 2) have a solid systems management strategy. The Rightpoint Managed Services team stays abreast of industry announcements and good practices, and takes a prescriptive approach to management of our delivered solutions to combine good systems management practices with ongoing 24x7 application monitoring. If you’d like help assessing the security of your computing environments, contact us



Jason Alexander is an Operations and Delivery Manager, Managed Services at Rightpoint. Follow Jason on LinkedIn.