PROTECTED FROM THE MELTDOWN & SPECTRE VULNERABILITIES

Meltdown and Spectre are the latest threats in the software/hardware vulnerability realm, impacting servers with Intel microprocessors. ByDesign’s private cloud hosting provides adequate defenses against these vulnerabilities because we do not allow foreign code to be run or installed on our servers.

Because our cloud is private, we do not allow or sublease extra space on our servers for non-Freedom applications. This differs from AWS and other public cloud providers, for whom leasing server space is the entire business plan.

Public Cloud providers spin up servers and allow you to upload and use their servers however you want. You manage and dictate the purpose of the server down to the operating system level.

This threat is able to penetrate lower than the operating system, exploiting areas never exploited before, and can potentially reach into other virtual machines (VMs) on the same server, in other words other customers on the same cloud servers, which could number in the hundreds or thousands. This is the crux of the threat. Because ByDesign owns its bare metal hardware, and the only VMs allowed are those running Freedom’s software application, foreign code isn’t allowed to be installed.

This makes our private cloud infrastructure far less susceptible to this threat.

REALLY TECHY TALK

Meltdown breaks the isolation between user applications and the operating system, and allows an application to access all system memory (including kernel-allocated memory). Meltdown affects a range of Intel processors.

Spectre breaks the memory isolation between different applications, and allows an application to force another application to access arbitrary portions of its memory. Spectre affects a wide range of processors: Intel, AMD, and ARM.

OUR ACTION PLAN

Both vulnerabilities require that a server be compromised before either can be exploited. Because of this, the risk of exploitation is fairly low. At ByDesign we have already begun the process of patching all systems and continue to do so at a rapid pace. Although this is a low risk for us, we do take these vulnerabilities seriously and are taking all precautions necessary to mitigate risk. It would be foolish not to.
