Spectre and Meltdown vulnerabilities highlight the benefits of standalone storage technology
Posted on Thursday, January 11, 2018
News that most CPUs contain a serious flaw in the way they handle cached data is causing CTOs serious headaches. Virtually every device, from servers to smartphones could (in theory) expose sensitive data if compromised.
The media attention surrounding the Spectre and Meltdown “bugs” has brought the issue of maintenance and support back into the spotlight. In the confusion, many CTOs will be tempted to automatically renew OEM support contracts to increase their level of protection against attack, replace older hardware as quickly as possible, or move their data to the Cloud.
The message from storage vendors is clear – the risks from Spectre and Meltdown are relatively small for storage products. Which means that CTOs can focus time and resources on securing other infrastructure.
And for any organization using post-warranty storage solutions, the sentiment remains the same – don’t panic. If microcode updates are released to fix issues, they will be made available to everyone, including those businesses using third party support and maintenance services.
Storage vendors do not appear hugely concerned
While server vendors are rushing out microcode fixes, storage hardware manufacturers have been much more muted in their response. IBM and NetApp have both claimed that their storage arrays are not affected by the bugs for instance.
Meanwhile Dell EMC has claimed that on-site users have little to worry about – it is multi-tenant cloud platforms that present the greatest risk of information leakage. Fixes and patches will be prioritized accordingly, however CTOs should strongly consider data security, before moving their data to multi-tenant Cloud environments.
The most important and immediate action customers can take to protect themselves is to prevent the unauthorized execution of software on machines handling sensitive data.
Strength in choosing third party support
No matter how bad the Spectre and Meltdown situation becomes, there is absolutely no reason for any organization to rush into renewing an agreement with their storage OEM. To learn more about CDS and how our third party maintenance services keep your business safe (while cutting costs), please get in touch.