Spectre and Meltdown, two major CPU-based vulnerabilities recently discovered by Google’s “Project Zero” team, have caused quite the stir over the first couple of weeks of 2018.
Their ability to allow attackers to steal sensitive data from the memory of processors and devices means all organisations need to be working to protect themselves against them.
What does this mean for ITAM?
It’s another cyber-security issue that requires the distribution of patches as a fix. We’ve seen with recent incidents that getting patches deployed within an organisation doesn’t always happen as it should.
SAM as the source of data
To successfully prevent this issue, all servers need to be patched – Windows and Linux. What the business needs is a single source of truth: what do we have, where is it, what OS is it running, what applications are running? Having one department holding all this information centrally, and able to distribute it to relevant stakeholders and internal teams as required, should be a key aim of all organisations – and the SAM team is the logical choice.
If this isn’t currently the case within your organisation, this could be a good opportunity to – as Captain Picard would say – make it so.
Ensure the SAM team is part of the planning discussions on how to fix this latest problem and use it to a) discover any servers/infrastructure that may not be visible to you now and b) put forward the idea that it would all be a lot easier/quicker/cheaper if you, as the SAM team, had visibility of all infrastructure. Take note of how many different people were involved in this process and how many hours they spent working on it, and then contrast that to how it could be done centrally by your team.
If you can already do this – report on all impacted infrastructure quickly and centrally – be vocal about it. Ensure the right people know where this vital data, which helped mitigate this potential cyber-security issue, came from.
Either way, look at how you can use this latest high-profile incident to further the cause of ITAM within your organisation. Cyber Security is high on the list for most CIOs in 2018; show them how SAM & ITAM can be a key component in making it a success.
Perhaps you’re looking to upgrade your current SAM tool, or maybe you want to replace it completely? Perhaps you need additional headcount within your team, to help you manage the growing infrastructure and increasing demands being put on the ITAM department – particularly with the rise of cyber-security? This could be a great time to make that request (again).
This latest scare again raises the question of who should own systems patching within an organisation – something we discussed with industry experts here.
What about Cloud?
Amazon, Google and Microsoft all worked to get their cloud infrastructure patched as soon as possible – perhaps this is another benefit for organisations using public cloud infrastructure? Having all physical servers patched on your behalf, by a well-resourced team from the company that designed the patch for that environment, is surely a boon.
That said, there are certain situations where it may still be necessary to take action on your Cloud hosted VMs – both Windows and Linux. So, the question is this: do you – in fact, does anyone within your organisation – have complete knowledge of all your virtual servers running on public cloud infrastructure?
We often talk about “Cloud sprawl” and how it can lead to wasted expenditure – but it can also leave you open to security flaws and attacks. If there are random, unknown, unmanaged virtual servers running within your Cloud infrastructure, this can leave your organisation open to attack.
This is another example of where ITAM should be a key component of security plans, and why ITAM should be actively involved in any projects that require deploying new Cloud assets.
- Google Project Zero – https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
- Microsoft Azure Blog post – https://azure.microsoft.com/en-gb/blog/securing-azure-customers-from-cpu-vulnerability/
- Microsoft understanding the performance impact – https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
- Intel Update – https://newsroom.intel.com/news/intel-offers-security-issue-update/