NetDocuments recognizes the serious set of security vulnerabilities known as Meltdown and Spectre and is actively monitoring developments regarding these vulnerabilities. Because of the extensive multi-layered defenses and controls implemented within the NetDocuments Service infrastructure, together with the inherent protection created by the architecture of the Service, the ability of someone to directly exploit either of these vulnerabilities within NetDocuments is extremely unlikely. NetDocuments is actively reviewing strategies to ensure ongoing protection of customer documents while also maintaining optimal performance of the Service.
Customers should conduct their own risk analysis and follow their own security best practices to prevent Meltdown and Spectre exploits of individual customer devices. The United States Computer Emergency Readiness Team (US-CERT) has provided guidance for these vulnerabilities in TA18-004A: Meltdown and Spectre Side-Channel Vulnerability Guidance.
What are Meltdown and Spectre
Meltdown and Spectre are design weaknesses within the architecture of CPUs that allow critical information in the basic processing functions of the CPUs to be potentially exposed. The vulnerabilities are found in Intel, AMD, and ARM processors that, between them, involve almost all servers, PCs, laptops, tablets, and smartphones, regardless of manufacturer or operating system.
Protecting NetDocuments' Servers
Like most modern computers, NetDocuments’ servers are potentially vulnerable to Meltdown or Spectre exploits because they use CPUs which contain the design weaknesses. However, these vulnerabilities can only be exploited when an attacker can run their code on a targeted server. The ability of an attacker to reach a NetDocuments server and run exploit code on the server is thwarted by the following defenses and controls:
Is your firm ready to learn more about NetDocuments' leading cloud platform? Schedule a conversation with one of our experts to learn why firms are making the switch.