Meltdown & Spectre Security Vulnerabilities
Overview
There has been a lot of coverage, in the general and technical press, over the last week regarding the meltdown and spectre security vulnerabilities and we therefore wanted to give you an update on this in relation to our products and services. For an overview of these vulnerabilities, please visit the spectre attack website.
iShare in the Cloud Customers
All our Cloud Services are hosted on the Amazon Web Services platform. Amazon have confirmed that they have patched all the underlying infrastructure on which our services are hosted. In addition, we have patched the Windows operating systems running in our customers' Virtual Private Cloud environments, as per the advice from the National Cyber Security Centre and Amazon themselves. We have not noticed any meaningful performance impact following this patching process.
iShare On Premise Customers
For iShare On Premise customers, your ICT department or provider is responsible for the infrastructure on which iShare runs. You will therefore need to check with them as to what action they are taking with regard to these vulnerabilities. Our suggestion is that they follow the National Cyber Security Centre advice and patch all systems. However, we are unable to confirm whether there will be any performance impact on iShare as every customer environment (processors, virtualisation technology, anti-virus etc) will be unique.
Other Astun Services
Other Astun hosted services used by both Cloud and On-Premise customers include Astun Data Services (ADS), INSPIRE and GeoNetwork. These have been patched by Amazon at the infrastructure level. We have noticed some performance impact on ADS in certain circumstances and are currently exploring what options are available to maintain an appropriate level of service. We are also awaiting the release of the operating system patch for the AWS platform and will apply that as soon as available and tested.