If you’ve been following cybersecurity news, you might have heard of two critical system faults called Spectre and Meltdown. Even though each flaw is unique, they’re both tied to similar problems. As I mentioned in our new year’s video, “I keep an eye on things!”, which is why I wanted to explain the two in more detail, along with their (non-)impact on Julie Desk.
Spectre and Meltdown: What’s this about?
To get into the technical side of things, once these system faults are exploited, they can allow an application to access cached data from a computer’s processor while bypassing permission checks. In other words, any application can look at the processor cache, even if it wasn’t the one that created it!
The critical effect of these flaws lies in breaking the barrier that isolates applications using the same processor. And access to shared memory means potential access to sensitive data, such as passwords!
However, to exploit these flaws, one must be able to run a program on the same processor as the target program.
Is Julie Desk’s infrastructure impacted? Is there a risk to my data security?
These flaws affect Intel, AMD, ARM and Qualcomm processors, some of them since 1995! That means almost all machines are affected. At Julie Desk, we have Intel and AMD servers. In this case, we could be impacted if an attacker managed to run an application on the same processor as the target application. But our infrastructure runs on dedicated machines, with a dedicated network and dedicated storage, which means that only Julie Desk has access to and uses these physical resources. Our service is not hosted in the “public cloud.” This considerably reduces the risk of exploitation: an attacker must have access to one of our machines before he can attack.
We use virtualization via VMware ESXi, which is not vulnerable in the case of Meltdown. In the case of Spectre, the updates are already available and were applied prior to public disclosure as part of our regular update process. So no, Julie Desk infrastructure is not vulnerable.
Let’s take advantage of this news to go into detail about the way we handle security at Julie Desk.
A dedicated infrastructure in France
One of the primary security measures we’ve put in place is the use of dedicated resources (storage, servers and networks). We chose to house our resources in France so that:
- The applicable data protection regulations are those of our own regulatory context. In other words, we are not subject to the laws of foreign jurisdictions (e.g. the Patriot Act in the US).
- We stay close to our suppliers, which means we have support during French working hours and in the French language, which makes for easy contact.
- We meet our customers’ requirements in terms of data location.
This dedicated system not only improves security, but also allows us to have control over the configuration of our machines. We can cover our needs as closely as possible, without being impacted by the use of physical resources by our hosting provider’s other clients.
How are the vulnerabilities and updates handled?
With regard to the two vulnerabilities presented in this article, updates are available and must be applied in order to correct the detected flaws. It is important to be able to easily deploy updates across the entire infrastructure. Julie Desk infrastructure is fairly complex and spread over a large number of virtual machines. Our system follows a logic of “1 virtual machine = 1 task”. This guarantees us a level of service even in the event of a breakdown. We have deployed tools to manage this type of infrastructure and regularly run updates.
All this allows us to apply system updates on a regular basis, and react before such vulnerabilities are discovered. This limits the risks of exploiting new security vulnerabilities. We also have the ability to apply urgent updates in case critical flaws are discovered.
In addition, we regularly test our systems on a preventive basis. We look for possible configuration errors, conduct automated vulnerability tests, perform analyses of application errors, test all modifications before publishing them, and so on.
These are just a few examples of what we’re doing at Julie Desk to ensure data security. We go much further than what is mentioned here.
Don’t hesitate to contact me directly if you have any specific security questions.