most some, I stewed in front of my workstation yesterday from about lunchtime EST onward, unable to access some of our cloud-based applications. In my particular, I was working on a FormSite project that was stopped cold due to the another Amazon S3 outage, since FormSite is homed in the troubled US-East-1 datacenter.
I linked you to that Wired story for the hyperbole. A casual reader would think there’s a real cause for panic here, but in truth there’s really not much you’re able to do about these incidents, which fall somewhere in a bottomless chasm between negligence and unavoidable acts of nature.
My internet acquaintance @swiftonsecurity (we follow each other, I can say that) said this yesterday:
.@MikeIsaac An 8-hour outage in the cloud is better than a business-ending server failure running software nobody supports
— SwiftOnSecurity (@SwiftOnSecurity) February 28, 2017
I think it’s important we keep this perspective.
Not to mention the total impact yesterday, across the ultra broad global universe of solutions that leverage S3, was not of world-ending magnitude. Again, you’ve signed up for a best-of-breed service. A lot of other people did too. Scale happens.
As for attribution or root cause, there seems to be none so far. There is a weak claim circulating that this was a malicious act, but I won’t propagate any of those sources because they’re too soft right now.
Really the one thing you can do in this case, if you’re an enterprise that leverages a number of diverse cloud-based offerings, is to make a really really good ecosystem diagram of your services.
Not only should you already be mapping what you have out there, and the data exchanged, and the data transport methods, and the audiences, and the authentication methods, but you should be noting where that service is parked and who really powers it. This will greatly improve your understanding of your (likely growing) portfolio of 3rd party cloud-based services.
At a glance, you’ll be able to see how many eggs you have in each basket, hopefully down to the geography (ask your provider for those specifics). In the end, you may not be able to do anything about that – presumably you’re buying services because they’re really good, not just because they’re nearby.
But you’ll at least better understand the enterprise impact of an outage like the S3 drama. And if you appear to be really heavily invested in solutions that leverage S3, maybe you take a better look at spreading that risk. Maybe you say, hey we already have too many Amazon-resident apps, this next effort needs to be homed somewhere else.