Informatica is aware of the recently announced Spectre and Meltdown security vulnerabilities. Several OS manufacturers and cloud providers, including RedHat, Microsoft, Amazon and Google, have introduced patches to work around these CPU hardware vulnerabilities. The National Cybersecurity and Communications Integration Center (NCCIC) has stated that the security patches for Spectre and Meltdown could diminish CPU performance by up to 30 percent.
In response, Informatica is offering both cloud and on-premise customers up to 30 percent more computing capacity for free, for a 30-day period as they evaluate their systems in response to the security vulnerabilities. We understand the impact of the security and performance concerns, and encourage customers to test their systems to understand what, if any, increase in compute power is needed to continue to effectively manage data workloads.
To activate the program, customers must contact Informatica Global Customer Support (GCS), to get temporary capacity relief while they evaluate these operating system patches. This notice describes Informatica’s response to these issues and will be updated as we learn more. For more information view the program overview page here.
INFORMATICA ENSURING SYSTEM PROTECTION
Informatica is pursuing all appropriate actions to ensure the protection of Informatica systems and services against the Meltdown and Spectre vulnerabilities including:
- Accelerating Informatica’s regular patching program to patch all systems and software as updates are made available from manufacturers and our supply chain partners.
- Evaluating and mitigating possible system, software, and cloud performance impacted by these vulnerabilities
ON-PREMISE SOFTWARE PRODUCTS
Customers of our on-premises products should refer to their IT departments for guidance on applying the appropriate OS patches and take a risk-based approach, including any security exposure and potential performance impact. Informatica R&D teams are currently testing these OS patches for any potential performance impact to our on-premises software. As we complete our evaluation, we will provide additional guidance on the Informatica Network site. Customers concerned with the potential impact to their hardware capacity should contact Informatica Global Customer Support (GCS), as per the instructions below.
Informatica cloud products run on public cloud infrastructure. Informatica teams are working closely with our infrastructure partners to update systems consistent with our internal security standards. We expect minimal customer impact while we apply patches to our cloud services; scheduled maintenance activities will be posted here.
Ensuring the availability, integrity and safety of our products and services is our utmost concern and is being handled with the highest priority across Informatica. Informatica is an active member in the IT-ISAC (Information Sharing Analysis Center), Cloud Security Alliance, Center for Internet Security, and leverages other industry & governmental partnerships to maintain a proactive and secure cyber protection posture. We will provide ongoing updates to this Security Advisory on the Informatica Network site, and we appreciate your cooperation in advance as we evaluate and remediate these issues.