BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

UK And Germany Double Down On Joint AI, Clean Energy R&D Efforts
Decarbonizing Heavy Transportation: Quantron's Michael Perschke On Pioneering Hydrogen Solutions
Bridging The Digital Divide In The AI Era - The UNDP Way
Big Tech Ramps Up Content Moderation Amid EU Pressure
Spain's Successful Miura 1 Launch Reignites Europe's Hopes For Space Exploration
UNESCO And The Netherlands Launch Initiative To Ensure Ethical Oversight Of AI
Edit Story
ForbesInnovationEnterprise & Cloud

Possible Implications Of The Intel Patch

Dan Woods
Former Contributor
Opinions expressed by Forbes Contributors are their own.
This article is more than 6 years old.

Jennifer Walker

It’s not just the latest season of Black Mirror that has most of us worried — or at least thinking — about cybersecurity these days. Most recently, the media’s cybersecurity concerns have turned to Intel and two vulnerabilities within its chips. I don’t want to rehash what has been written about more extensively elsewhere, but the quick summary of the story is this: Intel’s chips have two security issues that can lead to risks. Google first recognized the problems, now being called “Meltdown” and “Spectre,” that could leave the chips open to penetration by hackers.

In response to the identification of these problems, Intel has stepped forward with a patch that it says should solve the problem. And Intel has said that 90% of its chips will have the patch within the coming weeks.

In many ways, we could read this as good news, as a sign that the good guys are staying one step ahead of the bad guys in the unending struggle that is cybersecurity. This is how detection and response should work — Google identified the issue, alerted Intel and the rest of the world, and within a short amount of time, we have a solution. We can all be encouraged by the systematic action taken by Amazon, Apple, and Google to address these vulnerabilities.

But, even with these positive signs, I think it’s worth asking what the practical fallout of the Intel security patches are for the rest of us more broadly. While it’s reasonable to take comfort that IT leaders are taking this problem seriously, there will also likely be fallout with implications we haven’t thoroughly thought through yet.

For example, Craig Guarente, the CEO and Founder of Palisade Compliance, which advises companies on Oracle licensing and audits, recently told me that he has concerns that in the Intel case, the treatment for many people may be worse than the disease. He said that many measures that Intel and the other IT giants are putting in place to remedy security problems are reducing the performance of the chips. For Guarente, this could have dramatic implications for individuals and businesses alike. It could mean that customers will have to spend copiously to expand their computing capability just to manage the new requirements from the patches. Or, you have to wonder, if you're in a relationship with an aggressive vendor like Oracle, will you be in a disadvantaged position to negotiate? Guarente believes the answer is yes. According to Guarente “Companies like Oracle might gain a great advantage by this security flaw.  If Oracle clients need more server power to maintain performance, then they need more licenses.  Software is exponentially more expensive than hardware.”

Regardless, Guarente’s position reminds us that solutions are never straightforward when it comes to cybersecurity.

I recently reached out to a number of CTOs to hear their thoughts on the implications of the Intel patch. They offered a variety of opinions and ideas on the effects that are possible, which I’ll summarize below:

  • In general, the CTOs said that any change in performance would likely to affect some workloads more than others. One said that he is keeping a close eye on the bills for Amazon Web Services and other cloud services to see if there is any significant increase.
  • One CTO suggested we could see a wave of new products rushed to market to address the computing power issue.
  • Another told me that we could also see that IT has to spend a lot more time refreshing hardware and software, rather than creating new stuff, in order to get decent performance from current technology. The question will be, who pays for this change?
  • Yet another told me that the problems with Intel and the patch would not be nearly as consequential as initially thought. The impact could be felt more severely by some organizations than others, though, again based on the effect on their workloads.
  • A few thought that because there will be unintended consequences we can’t predict now, it’s highly unlikely that any one vendor will emerge victorious with a solution for the entire problem.
  • One CTO said that he doubted this will have much of an impact at all long-term, as it affects everyone.
  • Finally, while security is a major concern now, some of the CTOs felt that quantum computing, and the ability to more easily reconfigure software and hardware, may make this type of issue irrelevant in the future. Others disagreed and suggested that quantum computing would make security even more difficult.

Finally, I also spoke with Jim D’Arezzo, CEO of Condusiv Technologies, who said that he still thinks the patches will lead to slower computers but that it doesn’t have to be a problem. He thought it would lead to companies pursuing more I/O reduction software, like that provided by Condusiv to ensure they had enough computing capacity. “I/O reduction software can improve performance without the extra hardware. And, with just a little more memory, they can really boost performance. Computing is all about data input and output, and the faster it does that, the better the performance,” he said.

I will be keeping an eye on this question to see which of the second order effects, if any, rear their head.

 

Follow me on Twitter or LinkedInCheck out my website
Dan Woods
Dan Woods