Most of us are aware of the latest, well-publicized event where an edge cloud provider, Fastly, experienced an outage, which took many of its customers, to varying degrees, offline for nearly an hour.
The problem was with their content delivery segment (Fastly is a content delivery provider (CDN). In fact, it is the seventh-largest CDN provider, behind Google, Cloudflare, F5, Amazon CloudFront, and jsDelivr). Its issue affected major organizations such as Amazon, Reddit, The Guardian, ZDNet, Twitch, PayPal, The New York Times, even the U.K. government’s website.
In this case, it ended up being a configuration error that rippled through their system when one of Fastly’s customer made changes their settings. This exposed a bug in a recent software update from them. It was just one of those weird occurrences that can happen when a particular set of circumstances come together and exposes a vulnerability.
But it could just as easily have been a malicious attack mounted by bad actors. The takeaway is that cloud networks have the same vulnerabilities as any other network, which takes the bloom off of the rose that cloud networks are impenetrable (or in this case, infallible). It also exposed a concern of how, in this case, the Internet’s dependence and resilience, in particular, is in the hands of a handful of companies. However, that is a topic for another missive. There are a couple of other issues of greater significance that need discussing.
One of them is liability. We will talk about that a bit further on. Another is security. While this was not a security breach, per se, the fact that a customer can change a setting and the effect worms its way back to the main core suggests that a malicious attack might not be all that difficult to accomplish.
The second is trust. Not the trust platform within the hardware and software, but what seems to be blind trust companies have in their belief that cloud services are a safe haven for managing data and apps and can be trusted implicitly.
On the trust issue, there have been warnings that the cloud, the edge, or other remote host, is not the cement-encased entity cloud providers want you to believe. And, while this particular case involved mostly Internet-based operations, this can easily happen to the wireless sector, especially with 5G where edge clouds stand to be a major component of the overall network. This should be a shot across the bow of the carriers and other mobile network operators (MNOs) that using cloud providers is not necessarily a guarantee that their networks will be bulletproof.
One can argue that this was happenstance. That is a valid argument. But the overarching concern is that something got changed downstream and it rippled upstream. It does not matter than it was innocent. It exposes the fact that systems and networks, edge and otherwise wherever are fallible. And for businesses to assume that cloud networks are infallible is not good business thinking.
On the security side, edge networks have some rather challenging security issues. What will amplify these issues is the expected proliferation of edge networks, both for the infrastructure (Internet) and 5G.
A major complication is that each device in an edge server represents a potentially vulnerable endpoint. When it comes to connected devices, the majority applying edge computation will be mobile. Devices such as laptops, tablets, smartphones, eventually vehicles, bicycles, even individuals will all be part of that (enterprise and consumer). How to securing all of that is a major concern, especially with a part of them relying on the end-user for security. Implementing exchange of data, security, access to cloud/Internet, and many other features when in a moving state has not been fully vetted. Plus, there are still all of the issues that come with a diverse collection of hardware – security and otherwise.
Add to that the Internet of Anything/Everything (IoX), which is notorious for its lack of robust security, and it is a part of every network, wired and otherwise. There is also the issue of smaller data centers and embedded devices, which may or may not be running the latest security updates or not designed in accordance with security measures, or updated regularly, if at all.
Finally, as if security, reliability, compatibility, interconnect and all the rest are not enough, what about liability? In the case of the consumer, there is likely to be little fallout. So, what if your streaming video or social media channel is out for a bit. There has rarely been any situation where the provider has been held liable for any losses.
However, in the case of the enterprise, that will not likely go that way. It is estimated that the losses of a one-hour outage for a major organization can run into hundreds of thousands of dollars, even more for fast-paced environments such as the stock exchange or international companies. So, expect to see this issue begin to bubble up.
In the end, no matter what, outages are a way of life. They will always be with us in spite of our best efforts to avoid them. So astute organizations will learn from this and, if they have not already, implement a plan B. That may be a backup cloud provider or bringing things in-house until the cloud issue is resolved.
This is only going to get worse, regardless of what the cloud players claim. As has been the case from the first day a byte of data went online, good judgment begets a good backup plan. Remember, there are only two types companies in the world – those that have lost data, and those that will.