Meltdown and Spectre - Is Your Data Ever Going to Really Be Safe?
This week we read about newly discovered critical vulnerabilities in most modern microprocessors. These vulnerabilities impact a large number of products, including servers and cloud infrastructure. Why should we all care?
This flaw means that programs can bypass the security barriers inside of microprocessors and steal information from other programs or virtual servers running on your company's computers. This also means that if a program is running in the cloud or other multi-tenant environment, it could get access to data belonging to other tenants running on the same hardware. The impact of these vulnerabilities is still being explored, but it’s clear that your data – and your digital trust that your data is secure – is again being severely eroded. Moreover, companies spend billions of dollars on security products yet they simply can't detect these sorts of unknown vulnerabilities. As a result, it isn't possible to trust today's IT stack. So, what can you trust?
One of our core beliefs here at Craxel is that the hardware and software stack is so complex that plugging all the holes and eliminating all zero days is simply not possible. If this is true then it is inevitable for high performance searchable encryption to be widely adopted. Why? Because with high performance searchable encryption you don't have to trust the hardware or the software holding your information to keep it safe! Instead, the only thing you have to trust is the cryptography. If new vulnerabilities such as Meltdown or Spectre are found that lead to a compromise of the servers in your data layer, your information still can't be stolen without stealing the encryption keys from elsewhere. While destructive attacks can be mitigated through replication, it just takes one successful intrusion into a traditional database server to steal the crown jewels. Although our high performance searchable encryption can't make the entire IT stack completely trustworthy, it can transform the enterprise data layer into a digital trust layer, which is where data spends most of its lifetime. High performance searchable encryption is by far the most efficient and cost effective way to improve information security. High performance searchable encryption also enables pervasive compartmentalization, which makes information much more secure in the rest of the enterprise.
Without a doubt, Meltdown and Spectre are going to give organizations pause on storing their sensitive information in databases in the cloud. If I am an enterprise and I have information that needs to be kept safe, am I going to put it in a traditional database in the cloud now that I know that vulnerabilities such as Meltdown or Spectre exist? Sure, I could roll the dice and hope that the probability that I get hacked is low enough that it doesn't happen to me. I could also hope that Meltdown and Spectre are the last vulnerabilities that will be found. However, what responsible company would do that if there is a much better way that also provides the required functionality and performance?
High performance searchable encryption works. Large enterprise companies are already using Black Forest Database and Black Forest Distributed Ledger to store, organize, and efficiently search their strongly encrypted information. It is now possible to envision a future where sensitive information is securely stored in a digital trust platform, efficiently accessible, and impervious to theft.
Developer editions of both the Black Forest DB and Black Forest DL are available for download today on our website at www.craxel.com.