Meltdown and Spectre in the Cloud DMS

Meltdown and Spectre have been all over the news recently, and rightfully so. If you aren’t familiar, here’s a good explainer by Wired magazine: A Critical Intel Flaw Breaks Basic Security for Most Computers. If you’re too lazy to read the whole article, here’s the gist: “Meltdown allows malicious programs to gain access to higher-privileged parts of a computer’s memory, while Spectre steals data from the memory of other applications running on a machine.” The best part is that the vulnerability has also been seen in AMD and ARM processors too — not just Intel!

Microsoft is in the process of releasing critical patches for this (though the Microsoft patches for AMD processors have been temporarily halted due to bootup issues). The Wired piece goes into how Microsoft, Apple, Amazon and Google are addressing the vulnerabilities. All on-premises Windows systems should be patched as soon as possible. But what about the Legal DMS Cloud vendors?

iManage released the following announcement (login required) about the impact on iManage Cloud:

The iManage Cloud back-end infrastructure hosted in public cloud platforms—including Microsoft Azure—and in managed CenturyLink and Cyxtera data centers are affected by these vulnerabilities. We are following our standard protocol to protect iManage Cloud servers by applying necessary patches released by vendors vulnerable to these attacks. This is an ongoing process and many servers have already been patched. There are no system outages required for the application of these patches.

NetDocuments released detailed security initiatives in a Support Article, but the summary is below:

NetDocuments recognizes the serious set of security vulnerabilities known as Meltdown and Spectre and is actively monitoring developments regarding these vulnerabilities.  Because of the extensive multi-layered defenses and controls implemented within the NetDocuments Service infrastructure, together with the inherent protection created by the architecture of the Service, the ability of someone to directly exploit either of these vulnerabilities within NetDocuments is extremely unlikely.  NetDocuments is actively reviewing strategies to ensure ongoing protection of customer documents while also maintaining optimal performance of the Service.

The key takeaway is that no one is immune from Meltdown and Spectre. Everyone must patch their environments as quickly and safely as possible, and that includes your Cloud vendors as well.