Edge cloud computing provider the cause of mass outage - The EE

Edge cloud computing provider the cause of mass outage

The UK Government, alongside the Financial Times, the Guardian, and New York Times, Verge, Reddit and Twitter, to name a few, recently had issues with their websites following a problem that stemmed from their cloud computing provider, Fastly.

Fastly is an Edge Cloud provider. This means that their aim is to speed up the loading times of their clients’ websites, and to protect these websites from denial-of-service attacks, especially during peak times when attacks are higher. However, for an hour at 11:00BST on Tuesday 8th of June, the company had issues with its global content delivery network, causing major issues to the websites it supports.

It is estimated that even an hour’s worth of downtime could cost companies up to $250,000 (206,641.25) , and some lawyers think there could be compensation claims‘ reports the BBC.

What this really highlights is the blind trust that organisations place in cloud service providers. This brings into question the inherited resiliency risk that you acquire from cloud service providers. If there is a critical dependency, be sure that there is a Plan B, in case of failure or cyber incident. Where possible protect yourself contractually with SLA’s and assurances from your service provider on their resiliency and DR procedures.

So far, this specific issue seems to have impacted sites across Europe and the US. Fastly report that they have investigated the issue to restore impacted websites and to fix the original issue; “we have identified a service configuration that triggered disruption across our POPs (points of presence) globally and have disabled that configuration. Our global network is coming back online.”

What is clear, however, is that when so much infrastructure is put on a single source, on a single CDN or Cloud hosting company, when this source buckles, the disruption it causes is vast.

‘Liability for loss of service will probably be covered by the service level agreement with customers of paid-for cloud services but the agreements will typically not cover all losses sustained’ prof Rebecca Parry of Nottingham Law School.

‘They were lucky that this was a configuration error, and not a malicious attack. To reduce disruption, a Service Level Agreement (SLA) needs to meet the organisations requirements. This means that there needs to be a back-up plan to repoint services. There needs to be assurance regarding security controls. That way, organisations will know what data is cached, for the performance of their services.’ says, Chris Cheyne, CTO, SecurityHQ

Follow us and Comment on Twitter @TheEE_io

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close