Spark Doesn't Melt

By Dave Michels
9 Jan 2018

Meltdown and Spectre — two massive security flaws revealed publicly this month — allow attackers to access “secure” data by compromising privileged processor memory. They are the mother of all security vulnerabilities, making the largest breaches and vulnerabilities in the past look like child’s play. The vulnerabilities are unprecedented. They impact processors as old as 20 years across multiple operating systems.

There will be long-term consequences involving patches, replacement processors, and, of course, breaches. To exploit these vulnerabilities, attackers must first get their own code running on the target computer, so the best practice is actually the oldest advice: Load only trusted applications.

That’s easier said than done. It is hard enough on personal devices, but utterly impossible on cloud services as they use shared infrastructure. Traditional virtual machine (VM) boundaries don’t apply here.

The cloud providers are rushing to mitigate exposure, but they inherently sell exactly what attackers need: VMs.

UC data, such as call detail records and voice messages, can be sensitive. But these risks are relatively minor compared to workstream collaboration data, which contains sensitive conversations and content. That’s why all of the major workstream services tout encryption — but encryption alone is not sufficient.

Cisco’s end-to-end encryption model has an advantage here. Though the two are commonly perceived as equivalent, there is a difference between end-to-end encryption and the more popular approach of encryption-in-transit combined with encryption-at-rest. The difference is where the data (the secrets) gets decrypted. With end-to-end encryption, the data is only ever in the clear inside user clients — never in the cloud.

The result is that attackers can’t read the cloud data — even via Meltdown, because the cloud never holds the keys. The cloud (databases, servers, microservices, reporting, etc.) can store, process, and even search and locate (meta)data, but cannot actually read the content. Cisco Spark is architected to allow customers to completely control their security keys outside the cloud. Not even Cisco can access customer data.
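As an added illustration (not Cisco’s code or the Spark protocol), the following Python models the two designs described above: an at-rest service that holds the decryption key in its own process memory, and an end-to-end service that stores only ciphertext plus searchable metadata. The cipher is a constructed toy (HMAC-SHA256 in counter mode with an HMAC tag) chosen so the example runs on the standard library alone; the class and function names are my own.

```python
import hashlib
import hmac
import os

# Constructed toy cipher: HMAC-SHA256 in counter mode as the keystream, plus an
# HMAC tag over nonce||ciphertext. Illustrative only; use a vetted AEAD in practice.
def _keystream_xor(key, nonce, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(key, plaintext):
    nonce = os.urandom(16)
    ct = _keystream_xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return _keystream_xor(key, nonce, ct)

class AtRestCloud:
    """Transit + at-rest model: the service holds the key so it can decrypt on demand."""
    def __init__(self):
        self.key = os.urandom(32)          # key sits in the cloud process's memory
        self.store = {}                    # msg_id -> (ciphertext blob, metadata)
    def put(self, msg_id, plaintext, metadata):
        self.store[msg_id] = (encrypt(self.key, plaintext), metadata)
    def memory_image(self):               # what a memory-disclosure flaw would expose
        return {"key": self.key, "store": self.store}

class E2ECloud:
    """End-to-end model: clients encrypt; the service sees ciphertext and metadata only."""
    def __init__(self):
        self.store = {}                    # msg_id -> (ciphertext blob, metadata)
    def put(self, msg_id, blob, metadata):
        self.store[msg_id] = (blob, metadata)
    def search_metadata(self, sender):    # the cloud can still index and locate by metadata
        return [m for m, (_, md) in self.store.items() if md["from"] == sender]
    def memory_image(self):               # no key anywhere in the service's memory
        return {"key": None, "store": self.store}

def recoverable_plaintexts(memory_image):
    """Message bodies an observer of the service's memory could reconstruct."""
    key = memory_image["key"]
    if key is None:
        return []
    return [decrypt(key, blob) for blob, _ in memory_image["store"].values()]
```

Run against the same message in both models, the at-rest service's memory image yields the plaintext while the end-to-end service's yields nothing, even though the latter can still answer metadata queries.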

Cisco has been talking this up for about a year now, but it has largely fallen on deaf ears. Prospects check the encryption box and move on. This has less to do with end-to-end encryption specifically than with security in general. That’s because security suffers from being both boring and, often, a competitive talking point across communications solutions.

Modern encryption works really well and likely will for the foreseeable future. It appears the current RSA approach will even survive quantum computers. The big breaches we hear about with increasing frequency involve either unencrypted data or encrypted data with exposed keys.

Cisco’s commitment to end-to-end encryption comes with some costs. Since the Spark cloud can’t actually see customer data, its back-end services are limited. However, if and when security becomes a customer priority, Cisco Spark is well positioned.

Dave Michels, Principal