Thursday, October 19, 2017

Why Rising Outages Mean Days Without the Internet Could Soon be Reality

by Paul Gampe, Chief Technology Officer, Console Connect

Amazon’s AWS S3 outage is further evidence that days without the internet could soon be a reality for enterprises.

When AWS went down earlier this month, so did a host of other popular apps and sites including Quora, Business Insider, Giphy and team communications service Slack. As a knock-on effect, connected lightbulbs, thermostats and other IoT hardware were also affected. The AWS outage is proof that even best-in-class solutions can suffer downtime.

To say that one single outage, from one single cloud provider is symptomatic of the possibility of the internet being out-of-action for days at a time may seem alarmist. But consider this: Amazon S3 is used by around 148,213 websites, and 121,761 unique domains, according to data tracked by SimilarTech.

That’s a huge knock-on effect when you consider that all of these websites rely on the availability of Amazon’s systems to deliver their back-end capabilities. What’s even more alarming is that the AWS outage wasn’t even down to security, but human error. But regardless of the root of the problem, the lack of service is key.

And it’s indicative of where we’re heading more regularly, particularly from a security perspective.

Most of us experience internet outages on an individual – and generally irregular – level. Perhaps we’re unable to check in with friends on social media, stream a film or look up a recipe for a meal we’re about to cook. The inconvenience is frustrating, but the impact is limited.

2016 may not have been when many people first became aware of the vulnerabilities featured in the
underlying routing architecture of the public internet, but it remains a watershed year where these vulnerabilities became such prominent and repeated targets.

This yielded a wider impact on communities and businesses from large-scale internet outages, caused by deliberate and malicious cyber-attacks. As industries, services and governments have grown more reliant on the public internet, malicious characters have also grown more daring in their disruption. DDoS attacks have increased not only in frequency but in size; and experts predict that 2017 will see the rise of the feared terabit DDoS attack.

We are moving from an era where the internet’s underlying routing vulnerabilities were often accidentally triggered to one where they are now being actively exploited. And, as these attacks escalate in both number and severity, the damage they wreak will increase proportionately. Personal inconveniences will pale in comparison to the long-term impacts of widespread internet outages on enterprises and organisations. Just consider the possible outcomes of the following scenarios:

  • Financial markets in Europe and North America going dark
  • Cloud-connected utilities systems going off the grid
  • Hospitals losing connections to cloud-based patient data and reference materials

These scenarios, even if they last for just a few hours, will have dramatic and costly impacts at levels we are only now beginning to understand and appreciate – on businesses, on the economy and on people’s lives.

The goal for 2017 must be to find an appropriate alternative to the public internet, so that organisations are not reliant on a single source for their business to run smoothly and securely.

We can no longer rely on ‘hope and prayer’ as our connectivity and security strategy. This isn’t just imperative to businesses. Our personal and professional lives are already intertwined through technology, and as time goes on, these bonds will only become tighter. Just as the enterprise moving mission-critical apps outside of its internal network can open it to the failings of the public internet, and potentially become victims of those failings, the individual will become just as exposed to these same vulnerabilities. In other words, individuals have just as much skin in this game as companies do.

We need to find a practical alternative to the public internet. Thanks to software-defined interconnection technology, setting up direct connections to critical cloud services, vendors and partners is no longer an expensive, painstaking process. A network of private, secure connections that bypass the public internet and protect against the impacts of an outage is now just a few clicks away.

That means anyone who relies on a network connection to operate now has a viable alternative to the public internet. But, it also means that they no longer have an excuse to delay the critical steps required to protect against the inevitable outages that the internet will see from now on.