The recent Amazon Web Services (AWS) outage revealed a surprising web of internet dependency on this mostly rock-solid service. The AWS cloud is a combination of hundreds of services deployed in differing combinations throughout the world.
Many organisations have selected the AWS cloud as it allows them on-demand rapid scaling of services and to only pay specifically for the pieces they use in very small time slices. Amazon disclosed that this outage was the result of a simple mistype of a command involved in the Simple Storage Service (S3) subsystems used for S3 billing processes. S3, one of the oldest and most critical AWS services, is an inexpensive service that is commonly used to store web images, and other data.
The outage highlighted how many high-profile organisations rely on S3 for storage. For example, some Apple iCloud services exhibited symptoms, the popular messaging platform, Slack, couldn’t upload chat attachments (images, documents, etc), Nest security cameras, and a large number of small to medium businesses suffered effects such as broken images, or unavailable backups.
The ripple effect of this outage was observed from the smallest start-up using AWS to build new, innovative applications and ideas, to the largest enterprises using AWS to elastically grow. The transparency gained into the reliance on S3 by these errors provided detail on how dependent many organisations are on AWS for storage, backups, or just delivering web content.
The outage revealed that many internet services providers do not plan for these disasters despite heavy reliance on cloud providers.
To mitigate this risk companies should look to the cyber insurance market where help is at hand. Cover for outages at third party service providers carrying out services for or on behalf of the insured (contingent business interruption) is typically provided in a policy.
This article was written by Rob Driscoll of Crypsis, JLT’s Cyber Risk Consortium partner.
Download Cyber Decoder
For further information, please contact Sarah Stephens, Head of Cyber, Content and New Technology Risks on firstname.lastname@example.org