This year continued to bring headwinds for Intel (INTC, Financial) as the chipmaker disclosed three more security flaws Tuesday that can compromise data in a system’s memory. Researchers hailing from KU Leuven in Belgium, alongside others, have found that the latest flaw – codenamed foreshadow – enables attacker to steal information stored on PCs or third-party clouds.
The latest vulnerability is considered to be the next generation of speculative execution attacks like Spectre and Meltdown, especially posing a risk to cloud infrastructure. The next-gen version of attacks primarily affects virtual machines (VMs) and hypervisors (VMM). Cutting edge processors from Intel including the eighth generation Coffee Lake and Xeon server processors are affected by the newly discovered security flaw.
“Once systems are updated, the expected risk to consumer and enterprise users running non-virtualized operating systems will be low. This includes most of the data center installed base and the vast majority of PC clients,” said Intel in a blog post on Tuesday.
The market doesn’t look fearful as Intel’s stock is down merely 1% since the news broke yesterday. Advanced Micro Devices (AMD, Financial) – the turnaround chipmaker – is up around 1% since yesterday.
A risk to Intel’s enterprise market share
Despite market’s non-reaction, this development might have long lasting effects, especially on Intel’s server business. The new flaws mainly affect virtualized operating systems, which are the heart of operation in cloud infrastructure and general data-center infrastructure. It’s not reassuring that Intel is saying that the security risk will be minimized for “users running non-virtualized operating systems,” meaning that virtual machines will continue to be at risk unless a microcode (hardware-based) update follows through. Put simply, the latest vulnerability doesn’t look good as far as Intel’s enterprise market is concerned.
Here are the key implications, at least in the short-term
- Additional cyber security headaches for data centers, including higher costs.
- Impact on the performance on several workloads, resulting in further cost inflations for Intel’s data-center and cloud infrastructure clients.
- A PR disaster for Intel that can affect future sales to enterprise clients.
Performance penalties in a virtualized environment
Data center and virtual application server providers will have to rethink their hardware-buying decisions due to continuing headaches with Intel’s processor security. Security flaws lead to continuing updates and compliance costs, which is one of the drivers for enterprises to rethink their hardware-buying decisions. Updates to counter security flaws also add to the total cost of ownership in terms of performance penalties, which forces the IT infrastructure industry to reconsider its capital expenditure decisions.
The latest flaws in Intel’s chip can reduce workload performance by 20% in java-based application servers while reducing the performance by an astonishing 31% in end-to-end performance of virtualized platforms.
Note that SPECJbb 2015 evaluates Java application servers while SPEC virt_sc 2013 is a benchmark used to measure the performance of virtual platforms. The chart above shows that updates and measure to mitigate the risk of an attack can result in a performance penalty in java-application servers and virtual workloads. Moreover, the updates can also affect database performance as is evident from the HammerDB benchmark, which tracks database performance. In short, cost bumps and performance penalties can motivate Intel’s clients to re-consider their hardware purchases going forward
It is worth mentioning that the global application server market is expected to grow at a CAGR of 17% from 2016 to 2020 to reach $24 billion by 2024. In 2016 more than 76% of organizations were using virtualization in some way. Another report forecasts the data center virtualization will grow at CAGR of 16.5% during 2017 to 2021. This indicates the chip security threats exploiting virtualized machines can have an adverse material impact on the market share of Intel.
The bottom line is that the latest security flaws are not good news for Intel as vendors will turn to AMD due to performance penalties of using an Intel chip. Given that virtualization is a big part of servers market, a material-loss isn’t beyond the realm of possibility as far Intel’s enterprise and data center market share is concerned.
In defense of the big blue
The recent flaws haven’t stopped the bulls from defending Intel. Some argue that these vulnerabilities are a short-term headwind that can’t be fixed with microcode. Others are saying that these attacks are impractical given the complexity of carrying out such an attack.
Regarding the short-term vulnerability argument, it’s important to note that the security flaws aren’t going to stop surfacing unless Intel radically changes the design of its processors. Speculative execution attacks have the ability to evolve over time and may require constant updates. “We ran our code with the mitigations in place, and the attack didn’t work. But what does it mean? It's good for our set of tricks, but we cannot attest to something else," said Daniel Genkin, one of the researchers who unveiled the foreshadow flaw. In short, the latest security flaw shouldn’t be considered as a one-time event. After all, it’s an extension of earlier flaws including Spectre and Meltdown.
As far as complexity of a foreshadow attack is concerned, it’s irrelevant as enterprises have to deploy mitigation measures even if the attack is complex to deploy, and updates unusually eat up resources and penalize performance. Therefore, the complexity of attack doesn’t mean that costs of security won’t go up for the clients of Intel going forward.
What’s the takeaway?
Speculative execution attacks are becoming a norm at Intel as is evident from the next generation flaw – foreshadow. Persistent security flaws will eventually make Intel’s data center clients rethink their silicon buying decision due to the performance penalties, especially in the virtualized environment.
AMD is set to be the primary beneficiary. The chipmaker is on track to sample 7nm EPYC server chips, which will be superior in performance and less prone to speculative execution attacks compared to Intel’s 14nm processors. Overall, AMD/Intel appears to be a nice pair-trade as things stand now.
Disclosure: I have no positions in any stocks mentioned and no plans to initiate any positions within the next 72 hours.
