CoSo Cloud secure against Spectre and Meltdown

by

January 9, 2018

CoSo Cloud is closely watching recently disclosed vulnerabilities regarding the side-channel analysis of speculative execution on modern computer processors (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754), also known as “Spectre” and “Meltdown.” This vulnerability has existed in modern processors for more than a decade and impacts processor architectures from numerous vendors.  Specific details about the vulnerabilities can be found here

Unlike with public cloud vendors like Amazon Web Services, CoSo Cloud’s customers have limited exposure to these exploits with its private single-tenant secure managed service.  This is because the exploits require malicious code running on a shared physical host.  With public clouds, you have no control over what other virtual machines share the same physical host with your application, and the very nature of a public cloud means that a malicious actor can run their attack software on any host.  The vulnerabilities may allow such malicious software running in one virtual machine to access confidential data stored in another virtual machine on the same host.  CoSo Cloud runs only software that has been tested and approved, and unlike with shared public clouds, never allows arbitrary software to run anywhere in our environment.

This being said, CoSo Cloud will be implementing vendor patches and hotfixes to further protect our environments from these vulnerabilities. These updates will be tested in our staging and development environments, then rolled out to our production environments. This is to ensure our customers will maintain a highly available, performant, secure end-user experience.

If you have further questions or need clarification on our security position, reach out to your Customer Success Manager, or CoSo Security at CoSoSecurity@cosocloud.com.

Latest Blog

Here Comes Adaptive Learning!

Corporate training has seen some incredible advances over the years. There was of course the big leap in new, innovative teaching methods and techniques driven by the widespread computerization that started in the 1960s with PLATO, the first computer-assisted instruction system that originally called the University of Illinois home before supporting thousands of terminals worldwide. […]
Privacy | Terms of Service | © CoSo Cloud LLC