What if a Major Cloud Platform Goes Down?

Steven J. Vaughan-Nichols
3/9/2018

How bad could a major public cloud outage be?

What if, say, Amazon Web Services Inc. or Microsoft Azure went belly-up for a few days. How bad would it be?

Jaw-droppingly bad. Loosely paraphrased, that's the conclusion of insurance giant Lloyd's and risk modeler AIR Worldwide's report on what would happen if a major public cloud provider went down.

To be exact, "An extreme cyber incident that takes a top cloud provider offline in the US for 3 to 6 days would result in economic losses of $15 billion and up to $3.5 billion in in insured losses." That would leave a mark on even the biggest company.

The Fortune 1000 aren't the ones who would be taking it on the chin. Smaller companies, "who are more likely to use cloud provider services -- would carry a larger share of the economic and insurance losses than Fortune 1000 companies," Lloyd's and AIR said. By their estimate, "businesses outside the Fortune 1000 would carry 63% share of economic losses and 57% of insured losses."

That's a business killer. So make sure your cloud Service Level Agreement (SLA) covers what you think it does. You do not want to find out the hard way that your coverage doesn't really cover you.

The precise breakdown of costs looks like this:

  • Manufacturing would see direct economic losses of $8.6 billion;
  • Wholesale and retail trade sectors would see economic losses of $3.6 billion;
  • Information sectors would see economic losses of $847 million;
  • Finance and insurance sectors would see economic losses of $447 million;
  • Transportation and warehousing sectors would see economic losses of $439 million.

Service firms are especially sensitive to damage, according to previous Lloyd's research with KPMG International and DAC Beachcroft, which shows that "services firms are particularly vulnerable to the reputational impacts of a cyber attack where service disruption can have an immediate effect on clients, leading to customer churn, loss of competitive advantage and loss of revenue."

Business insurance companies would be in deep trouble too. "A major cloud failure would significantly impact the insurance industry, and our research has shown that such an event is plausible. The findings from this report show that while the cyber insurance industry is growing, there's still a significant gap in cyber coverage," Scott Stransky, AIR Worldwide's assistant vice president and principal scientist, said.

But, how likely is such a cloud doomsday scenario? Trevor Maynard, Head of Innovation at Lloyd's, explains, "Clouds can fail or be brought down in many ways -- ranging from malicious attacks by terrorists to lighting strikes, flooding or simply a mundane error by an employee."

But I'm skeptical. I'm not a highly paid insurance executive, but I do know a little bit about clouds.

Sure, cloud regions and even availability zones (AZ) can go down for the reasons Maynard cites. But an entire cloud system? I don't think so.

To crash an entire cloud, no single physical attack can do the job. A hack based on a fundamental architecture problem could do it. While the Meltdown and Spectre chip vulnerabilities do have that potential, it's hard to see that happening.

To quote the Latin phrase beloved of cop shows, "cui bono" -- who benefits? It's hard to say who would benefit by taking down an entire cloud.

No, if you want to worry about an entire cloud going under, then you need to worry about far bigger problems. Such as, say, the United States and North Korea lobbing nukes at each other. If that happens, we'll all have bigger worries than how our cloud provider is doing that day.

That said, you need to be aware of your risk to cloud failure. Even a day without access to your cloud region can be damaging. Make sure you're protected by having your cloud run in more than one AZ and by making sure your SLA and business insurance is able to protect you against this more realistic worse-case scenario.

Related posts:

– Steven J. Vaughan-Nichols has been writing about technology and the business of technology since CP/M-80 was the cutting-edge PC operating system, 300bps was a fast Internet connection, WordStar was the state-of-the-art word processor, and we liked it!

(7)  | 
Comment  | 
Print  | 
Related Stories
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Phil_Britt
Phil_Britt
3/22/2018 | 10:29:13 PM
Unlikely, But....
As you point out, much would have to go down for an entire cloud service (like AWS) to go down, but, as someone who had three 100-year storms in my first 15 years in my home, I know that worst-case scenarios can and do happen. That and keeping a vendor on its toes is a good argument to have a couple of cloud providers.
maryam@impact
[email protected]
3/15/2018 | 11:33:17 AM
Re: Think possible
While any technology can suffer major issue I would hope that these major cloud services have disaster recovery plans in place and planned time to roll over so that businesses that work with them are not shut down. Someone who has negotiated a contract would know for sure. When I do business with any vendor I  have a clear understanding of their disaster recovery process and how it would be handled. I can't believe either of these large businesses is completely vulnerable.
Joe Stanganelli
Joe Stanganelli
3/14/2018 | 3:53:41 PM
Re: Think possible
@Michelle: At the same time, don't think that hackers (particularly nation-state-backed groups) aren't working on this very capability. It may take a while considering the rapid development and deployment of network virtualization, but providers will still have to work -- and innovate -- hard to stay a few steps ahead of the bad guys.
Joe Stanganelli
Joe Stanganelli
3/14/2018 | 3:52:00 PM
Re: Think possible
@kq4ym:

> That's the gambler's dilemna, how much to bet on such an event not knowing the odds of it happening.

Having recently re-binged the US version of The Office, I think this quote by Kevin Malone says it all: (link)
Joe Stanganelli
Joe Stanganelli
3/14/2018 | 3:46:41 PM
What if the sky falls?
Sure, small outages happen, but an entire cloud takedown? That's about as likely as any of the world's top companies suddenly going bellyup (which, granted, almost happened around the time of the 2008 crash).

Seems to me that the most likely scenario for a major cloud platform going entirely bust is a Carrington Event -- and if that happens, we'll have a LOT more to worry about than the mere $15-20bil. in losses Lloyd's estimates.

P.S. -- Good to see Sjvn writing for Enterprise Cloud News!

kq4ym
kq4ym
3/14/2018 | 2:39:00 PM
Re: Think possible
This surely is one of the classic Black Swan events that one can't predict but should be very aware of an outlying event like this actually happening and be prepared for it. That's the gambler's dilemna, how much to bet on such an event not knowing the odds of it happening.
Michelle
Michelle
3/9/2018 | 3:22:08 PM
Think possible
Are we looking at a probable sci-fi thriller plot? I think we are... 

Considering what it might take to pull down a whole service like Amazon's, it would have to be done in the realm of fiction (or so we hope).
Featured Video
Upcoming Live Events
November 14, 2019, Maritim Hotel, Berlin
December 3-5, 2019, Vienna, Austria
December 3, 2019, New York, New York
March 16-18, 2020, Embassy Suites, Denver, Colorado
May 18-20, 2020, Irving Convention Center, Dallas, TX
All Upcoming Live Events