This week’s troubling news on “Meltdown” and “Spectre” — the Central Processing Unit (CPU) bugs — is generating uneasiness for global consumers, including Smartsheet customers. While details are still emerging, we can confirm that there is no evidence of these exploits being used against Smartsheet. We are constantly evaluating technical details as they become available, taking appropriate actions, and continuously monitoring for malicious activity. We are also working closely with our technology partners to ensure risks are being properly addressed. These measures, along with our data center architecture, further mitigates these bugs from being exploited.
What Do Our Customers Need to Do?
That said, there is one aspect of this that Smartsheet can’t control — the PCs and mobile devices used to access the Smartsheet application. We would like to remind you that data is only as safe as the least-secure computer on which it is found. We strongly recommend that you stay current with the latest operating system patches and updates to protect yourself against exploits like Meltdown and Spectre. Check with your device manufacturer and your operating system provider for updates.
What Is Smartsheet Doing Moving Forward?
The revelation of these flaws diminishes consumers’ trust in computers to keep their data safe and secure. At Smartsheet, we take that trust very seriously. We will continue to monitor the discussions and bulletins issued by the major technology providers, and take every action we can to keep your data safe.
For more information on the two vulnerabilities, I recommend you look at the following:
- https://spectreattack.com/ contains a number of links to the details of the exploits, as well as links to the responses by various companies involved.
- Google’s ProjectZero page is one of the canonical sources of information on Meltdown and Spectre and has links to the academic papers that describe each, as well as a deep detailed technical analysis on how they work.