Why Meltdown and Spectre Present Low Risk to Nasuni Customers
January 09, 2018 | Warren Arnold
Recently discovered security threats known as “Meltdown” and “Spectre” are getting a lot of attention. Both exploit common features of modern microprocessors used in computers, tablets, smartphones, and other gadgets to create vulnerabilities that can put data at risk.
- Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a malicious program to access the memory, and thus also the secrets, of other programs and the operating system.
- Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, even those that follow best practices, into leaking their secrets.
Operating system and cloud providers like Amazon, Microsoft, and Red Hat are investigating and delivering solutions to mitigate these threats.
If most desktop, laptop, and cloud computers are affected by these new threats, why is the risk to Nasuni customers low?
Meltdown and Spectre both require software running locally on computers to exploit unauthorized access to system memory. Nasuni Edge Appliances are hardened Linux-based appliances that do not allow local access. The only local software running on our appliances is provided by us, and we don’t offer any facility to run outside software on them. As a result, there is no practical way to exploit these vulnerabilities on Nasuni Edge Appliances, making the risks presented by Meltdown and Spectre to Nasuni customers very low.
That said, we are working to provide an update to the Nasuni Edge Appliance kernel that will include security updates to mitigate Meltdown and Spectre.
Keep in mind the industry only recently discovered this new class of security vulnerabilities. As a result, mitigations and associated best practices may change over time. We will continue to work with industry leaders and the open source communities to protect our customers from these and other known vulnerabilities, and make our Edge Appliances even more robust against attacks like Meltdown and Spectre.
[rev_slider alias=”white-paper-security-model”]
Nasuni Customer John Shaffer shares the top reasons that Greenhill relies on the Nasuni hybrid cloud storage platform and more in his guest blog post.
Backup, Cloud Data Migration, Cloud Migration, Cloud Security, Company, Competitors, Customers, Disaster Recovery, Enterprise Cloud Storage, File Sharing, Intelligence and AI, Solutions
Jim Liddle shares how innovations in machine learning and AI are helping enterprises get Fit for AI through intelligent automation.
Cloud Security, Enterprise Cloud Storage, Featured, File Sharing, Intelligence and AI, Solutions
Russ Kennedy walks enterprises through how they can set their data and infrastructure up for success by being AI ready.
Cloud Security, Enterprise Cloud Storage, File Sharing, Intelligence and AI, Solutions