Anaplan Security: Meltdown and Spectre - 1/22/18 Update

January 22, 2018 Update

Anaplan has been analyzing and monitoring the effects of Meltdown and Spectre vulnerabilities as described in the following Common Vulnerabilities and Exposures:




 

Since the vulnerabilities were disclosed, we have been patching systems for internal use, including the latest updates to systems that run the Anaplan platform in our secure data centers. We will be testing and preparing to deploy infrastructure updates to production environments containing customer data as well as continuing to monitor and ensure that all internal systems connecting to Anaplan production are protected. We will keep you informed at status.anaplan.com as these updates to our infrastructure are rolled out in the coming weeks.

Sampath Gomatam
Vice President, Product Management

 

January 8, 2018 Update

The Security and Operations teams are currently completing a remediation plan, based on patches supplied by Intel, Redhat, Apple, Microsoft, Amazon, and Google. We are actively working on updates and are expecting more fixes from vendors in the coming weeks.

In addition to implementing these patches in our systems, our security specialists are continually monitoring the Anaplan production infrastructure to guard against suspicious threats.

 

Original Message on January 4, 2018

Dear Anaplanners,

As you will have seen reported in the mainstream news, two serious security vulnerabilities have been identified that affect CPUs used in the large majority of computer systems and servers worldwide. Known as ‘Meltdown' and ‘Spectre’, these vulnerabilities are industry-wide and impact a large proportion of computer services including SaaS providers, like ourselves.

We would like to assure you that we are taking all available steps to safeguard our platform and Anaplan customer data. Our Security Operations and Security Engineering teams are monitoring the information that is released around the affected hardware, and we have evaluated Anaplan’s exposure.

We intend to patch these vulnerabilities, and expect to have our patch remediation plan finalized in the coming days. Once available, we will provide updates via email communications and the Anaplan Community post below regarding the next steps.

We take platform and customer security very seriously, and will continue to monitor and address these security threats as they arise.

As always, please feel free to reach out to us with any questions or concerns by clicking the Reply button below to respond directly to this post.

Check back here for future updates, or Subscribe to this post using the Options menu > Subscribe above.

Answers