By Peter Groucutt, managing director, Databarracks
The DDoS attack on AWS highlights a common concern with cloud computing – you are putting all your eggs in someone else’s basket.
We assume that AWS, Microsoft and Google have more money, skill and resources to throw at IT security than any individual company could. That makes their clouds more secure than on-premises IT could be. But, as IT is consolidated into a small number of clouds, that increases risk and attracts a different breed of cyber-criminal.
In the non-cyber world, crime ranges from opportunistic to organised and skilled. There are petty thieves who steal from newsagents and there are professional criminals who rob banks and diamond vaults in Hatton Garden.
This is also mirrored in the cyber world. There are unskilled criminals deploying pre-made ransomware kits and there are professionals targeting big game.
As more businesses and services are run on a small number of cloud providers, the risk of IT downtime and operational disruption is centralised. When you look at the cloud supply chain, you really see the scope of the problem. You might be using software hosted on these clouds without knowing it.
An AWS outage in Feb 2017 affected services like Spotify, Dropbox and Trello. A 2018 outage affected Atlassian, Twilio and Slack. A vast proportion of internet services could become inactive if one of the providers suffers a major outage. On the rare occasions we do see major cloud failures, hundreds or thousands of the provider's customers are affected. This poses a significant threat to supply chains and must be effectively planned for.