How Tier 2 cloud vendors banded together to cope with Spectre and Meltdown
Earlier this week news broke of a pair of massive chip vulnerabilities dubbed Spectre and Meltdown (for an explainer see this post). We learned that the larger cloud vendors like Amazon, Google and Microsoft have been in touch with chip vendors and have been working behind the scenes to mitigate the vulnerabilities.
But what about smaller cloud hosting vendors like Linode, OVH and Packet who were not in the inner circle? How were they coping with it?
Details have begun to emerge. These companies left on the outside looking in have been forced to scramble to find answers for their hundreds of thousands of customers and to find ways to protect them from this massive threat. Executives from these “Tier 2” vendors began informally contacting one another when the news of the threats broke on Wednesday.
Much like the children’s book Swimmy by Leo Lionni, the companies realized by banding together they could behave like a much bigger fish.
“Then suddenly he said, “I have it!” “We are going to swim all together like the biggest fish in the sea!”
~ Leo Lionni, Swimmy
According to information provided by the companies, the contact began when Edouard Bonlieu, VP for marketing strategy at French hosting provider Scaleway, reached out to Packet CEO, Zac Smith about an information sharing arrangement. Bonlieu had already contacted fellow French provider OVH.
Eventually six cloud providers — Scaleway, DigitalOcean, Packet, Vultr, Linode and OVH — formed a consortium of sorts to help one another and share information. In order to make the process more efficient, they started a Slack channel with CEOs, CTOs and engineers from the various companies sharing information and fixes as they became available.
This approach has allowed them to get information much more quickly, taking advantage of modern enterprise communications tools like Slack. “Not being part of the select group that received advance notice of Meltdown and Spectre, we’ve been playing catch up. Banding together with the folks at Scaleway, OVH and others has allowed us to short circuit a painfully slow game of telephone and provide our customers with as much detail as possible as they try to understand where and how their systems may be vulnerable,” Nathan Goulding, Packet’s SVP of engineering explained.
Yann Léger, SVP at Scaleway added, “We discovered these vulnerabilities in the press before the full disclosure and started to put pressure on manufacturers as fast as we could to fully understand the situation. Working with other cloud players is one of the best decisions we’ve made so far to mitigate the issue in the most accurate way,” he said.
The companies also sent out tweets and wrote blog posts to keep their customers updated with the latest information they had.
This was a case where cloud companies that normally compete hard with one another had to work together for the good of all in the true spirit of cloud computing cooperation. The large vendors have a direct pipeline to the various parties providing patches, fixes and detailed information. The Tier 2 vendors didn’t have that luxury and this level of cooperation appears to be helping them cope with an extremely difficult situation.
Note: We learned after we published this story that three other vendors —Nexcess, prgmr.com, and Exoscale — also joined the Slack channel after the original six referenced in this article.
Featured Image: Johanna Parkin/Getty Images
Your discussion on the potential policy implications of this issue adds a valuable dimension to the analysis.