Open Systems Technologies (OST), an AWS partner and Microsoft Direct CSP and Gold Partner, is reaching out to its end customers and vendor partners as more information on the vulnerability comes to light, Michael Lomonaco, director of marketing and communications for OST, told CRN.
Grand Rapids, Mich.-based OST has been proactive on both real and perceived vulnerabilities that the security flaw may have created within its diverse customer environments, Lomonaco said. OST is a AWS Alexa for Business partner, and on the Microsoft side, the solution provider has customers on the Azure platform.
Lomonaco said that OST has been "feverishly" communicating via email and making personal calls to both customers and partners in order to make sure any impact is minimized, and any new information is shared.
"We [are] working to ensure necessary updates are made in a timely manner in order to minimize any potential exposure, slowdowns to workloads, and overall performance," Lomonaco said.
HighVail Systems, a Toronto consulting firm and Microsoft Azure partner, is still trying to get to the bottom of how Meltdown and Spectre will impact its customers. In the meantime, the solution provider is encouraging customers possibly impacted by Meltdown to "patch, patch, patch; and set up your infrastructure to be ready to quickly respond to these challenges," according to Bradley Brodkin, president and CEO of HighVail.
For Spectre, Brodkin is suggesting customers upgrade their servers when the next generation of hardware arrives, and to be "cautious about retiring [those older servers] and moving to the cloud."
Cloud giant AWS in a blog post called the vulnerability an issue that "has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices."
AWS assured partners and customers that all but a "small single-digit percentage" of instances across the Amazon EC2 fleet are already protected. At the time of the blog post on Wednesday, AWS said that the remaining unprotected instances would have been updated by Wednesday evening. The company added that in order to be fully protected against Meltdown and Spectre, customers must also patch their own instance operating systems.
Updates for Amazon Linux have also been made available to partners and end customers to update their instances.
Google, which Intel said was the first company to alert it to the vulnerability, said that it updated its public cloud service, Google Cloud, to prevent attacks related to Meltdown and Spectre.
"We used our VM Live Migration technology to perform the updates with no user impact, no forced maintenance windows and no required restarts," Ben Treynor Sloss, Google's engineering vice president wrote in a blog post. However, customers will need to update the operating systems they use on the Google cloud, the provider said.
Google also said that it is "actively working" with its technology partners to ensure that its other cloud-based offerings are updated and patched.