Why cloud service providers are a single point of failure

Cloud computing has been a global megatrend for the past decade and enjoyed skyrocketing adoption, and there is no end in sight. As this transition continues, cloud services will assume a dominant position as IT innovators produce more efficient, flexible, and faster products. A forecast by analyst firm IDC estimates that total worldwide spending on cloud services will reach $1.3 trillion by 2025.

Digital transformation is happening more quickly than it otherwise might have because the COVID-19 pandemic has forced organizations everywhere to speed up their efforts and make remote working and collaboration a routine part of doing business. IT analyst firm Gartner notes that “simply put, the pandemic served as a multiplier for CIOs’ interest in the cloud.”

Consequently, the remote-work paradigm demands that global IP networks are constantly available and that companies safeguard their IT infrastructure and data assets from unauthorized access. However, a study conducted by insurance company Munich Re reveals that although almost everyone in the corporate world claims to be a fan of digitization, 81% of C-level respondents doubt their organization is adequately protected against cyber threats.

Systemic Risk
The use of cloud computing services is expanding, so it’s no surprise that the number and complexity of cyberattacks are also on the rise. Making matters worse is the fact that the global cloud market is essentially an oligopoly with a handful of providers dominating the space, creating systemic risk.

As organizations around the world turn to the cloud, the impact of a massive cloud failure is keeping IT managers awake at night. If a major cloud service provider suffers sustained downtime, the damage inflicted on its clients and partners could generate catastrophic financial losses. To cite an example of a non-digital disaster, the fire that crippled OVH’s data center in Strasbourg, France, caused more than $120 million in damages, affected more than 65,000 customers, and knocked off some 3.6 million websites worldwide. Another area of concern sits within the content delivery network space, where the centralization of Internet traffic in the hands of a few large providers can result in wide-ranging outages.

Denial of Service
There are multiple ways to attack a cloud service provider (CSP), and some of them combine multiple attack techniques (e.g., a distributed denial-of-service, or DDoS, attack, with malware and a ransom demand thrown in for good measure). As the name suggests, DDoS attacks are breaches designed to render resources or systems unavailable to users, often by bombarding them with excess traffic via botnets. Such attacks can result in crashes or error messages that leave servers inoperable. The reasons for launching these attacks vary. High-profile DDoS attackers like Armada Collective have employed this technique to extort banks and other institutions, but even a garden-variety hacker wannabe can purchase an attack for as little as $1 a minute and wreak online havoc.

DDoS attacks aren’t new, but they have evolved in complexity and grown in size. The website of the US Department of Homeland Security (DHS) states that “over the past five years the scale of attacks has increased tenfold. It is not clear if current network infrastructure could withstand future attacks if they continue to increase in scale.”

To read the complete article, visit Dark Reading.