Date: 16th January 2018
The big news in the tech industry so far in 2018 doesn’t revolve around cryptocurrency, nor is it related to Mark Zuckerberg’s latest amends to Facebook for business. No, 2018 has started with a bang, with the hardware chips powering our smartphones, PCs and web servers being revealed to have been subject to severe vulnerabilities for years. These threats, known as Meltdown and Spectre, have thus been causing headaches for Intel, ARM, Amazon, and countless others.
So, what do they do?
Of particular concern – due to the ability for malicious code to abuse Intel and ARM processors and leak information from other processes – is Meltdown. For users on a smartphone or PC, the deployment of malicious code has the potential to access personal information, while those operating on a multiple server environment face the risk of Meltdown infiltrating Intel and ARM’s speculative execution implementations.
What’s more, such risk opens the possibility for Meltdown to access the operating system kernel. In essence, the vulnerability means a compromise of the isolation between operating system and application data. Continuing to operate with an unpatched operating system therefore represents a fundamental flaw and working with sensitive information without a potential leak is a step too far for the most prudent of businesses.
Why these vulnerabilities have arisen
So, why have Meltdown and Spectre only become an issue now? For many years, the standard measure for optimum performance has been speed, leading chipmakers to prioritise such attributes in order to satisfy demand. Of course, when one element is given priority, another has to suffer. In this instance, it has been security, leading to the recent issues being made public.
In order to mitigate the issue, security patches are being rolled out, first for Meltdown and later for Spectre. This itself has been blighted by issues. As identified above, the company bearing much of the brunt of criticism since the issue was announced has been Intel – which suffered an 8% drop in share price. But, while Intel has taken steps to release patches in order to mitigate against the risk, much of the ire has only shifted instead on Amazon Web Services.
Releases of the Meltdown security patches have caused a marked degradation of performance of AWS EC2 instances. Individual operations and workloads could potentially be upwards of 30% slower, while server users and their unique workloads could experience even greater impact.
What this means for performance monitoring
If you’re reading this, you’re probably concerned about the effect both Meltdown and Spectre – plus the subsequent security patches – have on your website’s performance. With AWS responsible for approximately one-third of the Internet’s cloud infrastructure, the potential ‘slow downs’ to be experienced will be significant and, of course, this could lead to issues with your own site.
As such, performance monitoring plays an important role in mitigating against problems associated with the release of these patches. By running realistic journeys in development and live environments, identifying loads issues and performance errors will enable you to mitigate poor user experience.
When will the issues be remedied?
Amazon Web Services has vowed to support users in resolving any issues during deployment of the Meltdown patches, but the insidious nature of Spectre has yet to be fully realised, so monitoring performance once these patches are released later in the years is of the utmost importance.
To find out more about how you can monitor your website to avoid performance issues, get in touch with SciVisum today. Our performance consultants will be able to advise you on the best action to take and answer any questions you may have. Call today on 01227 768276.