As an IT Professional for 20+ years, always with a keen interest in security the ‘Meltdown’ and ‘Spectre’ vulnerabilities aren’t exactly a surprise; it’s business as usual albeit with a wide reaching impact. Unless you’ve gone off-grid, shunning all computing equipment, you need to make sure you’re patched. What has surprised me is how very complicated both the language and concepts that are being bandied about in the mainstream media are.

Whilst in a waiting room this morning (and sending outage notifications for patching related reboots!) I overheard the BBC TV reporting on the subject. The newsreader was clear in her delivery but as I glanced around the waiting room it occurred to me that it’s nigh on impossible to explain the specifics to anyone outside of the tech community. As our reliance on technology continues the need for helpful experts in cyber security, such as our team here, has never been greater.

The ongoing quest for total security is a chimera but without the community of white hat cyber security experts we wouldn’t even know that the chimera existed. It doesn’t take much to imagine an alternative scenario where the ‘bad’ guys had discovered this potential exploit and maliciously, silently, gathered data for their own gain.

Performance
As for performance concerns, for personal devices most of us don’t utilise anything like the capacity of our processors so yes, it will be slower but apparently we won’t notice. Within our environments the jury’s still out. As of now we’ve patched almost all the underlying infrastructure with only some server OSs to go, so it’s too early to say with any certainty. What we can categorically state is that we’re the experts; not only do we understand the vulnerabilities but we know our job – to monitor, maintain and secure your environments in all their guises.
There seems to be some performance concerns regarding pure cloud environments. Unless you have a dedicated team typically these environments are less pro-actively managed which leaves performance issues to be spotted by customers rather than as soon as patches are applied. We offer performance benchmarking services and active remote management of on-premise, hybrid and pure cloud environments. Contact us for more information on how we can help.

Links
Here are 2 articles we’ve found useful – as ever NCSC provide a balanced, if somewhat terse, crib sheet and HowtoGeek fill in some details:

https://www.ncsc.gov.uk/guidance/meltdown-and-spectre-guidance
https://www.howtogeek.com/338269/a-huge-intel-security-hole-could-slow-down-your-pc-soon/

Matthew McCloskey

Blue Sky Commercial Director