How bad could a major public cloud outage be?
Jaw-droppingly bad. Loosely paraphrased, that's the conclusion of insurance giant Lloyd's and risk modeler AIR Worldwide's report on what would happen if a major public cloud provider went down.
To be exact, "An extreme cyber incident that takes a top cloud provider offline in the US for 3 to 6 days would result in economic losses of $15 billion and up to $3.5 billion in in insured losses." That would leave a mark on even the biggest company.
The Fortune 1000 aren't the ones who would be taking it on the chin. Smaller companies, "who are more likely to use cloud provider services -- would carry a larger share of the economic and insurance losses than Fortune 1000 companies," Lloyd's and AIR said. By their estimate, "businesses outside the Fortune 1000 would carry 63% share of economic losses and 57% of insured losses."
That's a business killer. So make sure your cloud Service Level Agreement (SLA) covers what you think it does. You do not want to find out the hard way that your coverage doesn't really cover you.
The precise breakdown of costs looks like this:
- Manufacturing would see direct economic losses of $8.6 billion;
- Wholesale and retail trade sectors would see economic losses of $3.6 billion;
- Information sectors would see economic losses of $847 million;
- Finance and insurance sectors would see economic losses of $447 million;
- Transportation and warehousing sectors would see economic losses of $439 million.
Service firms are especially sensitive to damage, according to previous Lloyd's research with KPMG International and DAC Beachcroft, which shows that "services firms are particularly vulnerable to the reputational impacts of a cyber attack where service disruption can have an immediate effect on clients, leading to customer churn, loss of competitive advantage and loss of revenue."
Business insurance companies would be in deep trouble too. "A major cloud failure would significantly impact the insurance industry, and our research has shown that such an event is plausible. The findings from this report show that while the cyber insurance industry is growing, there's still a significant gap in cyber coverage," Scott Stransky, AIR Worldwide's assistant vice president and principal scientist, said.
But, how likely is such a cloud doomsday scenario? Trevor Maynard, Head of Innovation at Lloyd's, explains, "Clouds can fail or be brought down in many ways -- ranging from malicious attacks by terrorists to lighting strikes, flooding or simply a mundane error by an employee."
But I'm skeptical. I'm not a highly paid insurance executive, but I do know a little bit about clouds.
Sure, cloud regions and even availability zones (AZ) can go down for the reasons Maynard cites. But an entire cloud system? I don't think so.
To crash an entire cloud, no single physical attack can do the job. A hack based on a fundamental architecture problem could do it. While the Meltdown and Spectre chip vulnerabilities do have that potential, it's hard to see that happening.
To quote the Latin phrase beloved of cop shows, "cui bono" -- who benefits? It's hard to say who would benefit by taking down an entire cloud.
No, if you want to worry about an entire cloud going under, then you need to worry about far bigger problems. Such as, say, the United States and North Korea lobbing nukes at each other. If that happens, we'll all have bigger worries than how our cloud provider is doing that day.
That said, you need to be aware of your risk to cloud failure. Even a day without access to your cloud region can be damaging. Make sure you're protected by having your cloud run in more than one AZ and by making sure your SLA and business insurance is able to protect you against this more realistic worse-case scenario.
- Amazon Web Services Outage Caused by Typo
- AWS S3 Goes Down, Internet Snow Day Declared
- Google Apologizes for Cloud Outage, Offers Refund
- Gremlin Looks to Bring 'Chaos Engineering' to the Masses
– Steven J. Vaughan-Nichols has been writing about technology and the business of technology since CP/M-80 was the cutting-edge PC operating system, 300bps was a fast Internet connection, WordStar was the state-of-the-art word processor, and we liked it!