News was recently released about a design flaw affecting the security of Intel, AMD, and other processors. This simple flaw, which was first reported by Google's Project Zero team, centers around "speculative execution," a process that was implemented in Intel, AMD, and largely every other central processing unit dating as far back as 1995. Speculative execution was designed to make computing faster.
What Are the Meltdown and Spectre Vulnerabilities?
The idea was that a processor could speculate about which actions would be needed next and have them ready to execute. If those actions turned out not to be needed, the processor would simply abandon them.
For years this design has gone unnoticed, but recent findings bring to light the vulnerabilities of this design, namely, the Meltdown and Spectre vulnerabilities. Meltdown allows a rogue process to read any kernel memory, regardless of whether or not it has permission to do so. Meltdown is thought to be a slightly less harmful, short-term vulnerability.
Spectre allows hackers to fool the applications running on a machine into giving up secret information from the kernel, without the consent or knowledge of the user. Spectre could have repercussions that last for a long time to come.
How Do You Get Protected from These Computer Chip Vulnerabilities?
Luckily, for most people who own technology with these processors (anyone with a device from Apple, Microsoft, Google, Amazon, etc.), a series of software updates will provide protection for the time being. To fully eliminate this issue, the fundamental design of processing chips will have to be reimagined, and that may not happen for some time to come.
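On Linux machines you manage yourself, one way to confirm that the software updates described above are actually in effect is to read the status the kernel reports for each issue. This is an added example, not part of the original article; it assumes a Linux kernel that exposes status files under /sys/devices/system/cpu/vulnerabilities, and the function names are hypothetical.

```shell
# Added example (not from the article). Assumes a Linux kernel that exposes
# per-issue status files under /sys/devices/system/cpu/vulnerabilities.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# Map one kernel status line to a coarse verdict.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Print "<issue> <verdict> <raw status>" per issue. Returns 1 if any issue is
# vulnerable, unrecognised, or not reported by the kernel at all.
check_cpu_mitigations() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for issue in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$issue" ]; then
            status=$(cat "$dir/$issue")
            verdict=$(classify_status "$status")
        else
            status="no status file (kernel may predate the fixes)"
            verdict=unknown
        fi
        printf '%s\t%s\t%s\n' "$issue" "$verdict" "$status"
        [ "$verdict" = mitigated ] || [ "$verdict" = not_affected ] || rc=1
    done
    return "$rc"
}

# Demo on constructed sample data, not output captured from a real machine.
demo() {
    tmp=$(mktemp -d) || return 1
    echo "Mitigation: PTI" > "$tmp/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$tmp/spectre_v1"
    echo "Vulnerable" > "$tmp/spectre_v2"
    check_cpu_mitigations "$tmp" && demo_rc=0 || demo_rc=1
    rm -rf "$tmp"
    return "$demo_rc"
}

# Run "sh thisfile.sh --demo" for the sample, or "--check" for this machine.
case "${1:-}" in
    --demo)  demo ;;
    --check) check_cpu_mitigations ;;
esac
```

A non-zero exit status means at least one of the three issues is reported as vulnerable or is not reported at all, which makes the check usable from a cron job or monitoring agent.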
How Safe Is the Cloud?
Staff of cloud computing services such as Amazon Web Services or Google Cloud are working on mitigating these vulnerabilities as fast as possible. You might feel some relief to know that for Amazon, "all but a small single-digit percentage of instances across the Amazon EC2 fleet are already protected." And as for Google Cloud services, a chart was released demonstrating what services were affected and what (if any) updates users must perform to keep their information safe.
This efficiency, and the minuscule amount of time it took these cloud-based services to create patches and update their software, speaks to the multiple layers of security these services utilize.
Credible Cloud Providers Offer a Bit More Security than Any Physical Server
The speed at which these updates were made also stems from cloud-based services' capacity to respond to these types of incidents. For nonprofits looking to keep their information safe and their services up to date, this is a huge benefit. Cloud-based services could save your organization the money that would have been spent on unnecessary in-house hardware; they could also save you the time spent updating software and other manual tasks required to deal with CPU vulnerabilities like these.
Some may speculate that cloud-based servers might become more of a target for these kinds of attacks. But most cloud service providers have highly skilled professionals who regularly monitor cloud infrastructure to identify potential security threats.
Companies such as Google, whose own Project Zero team identified the threats in the first place, would be credible companies to turn to when considering cloud-based computing. Because of this, it's safe to say that when working with these companies, your data is a bit more secure in the cloud than on any physical server, especially now.