There’s no doubt that you heard about, and were probably affected by, the Distributed Denial of Service (DDoS) attack on domain registrar Dyn last week. It was a devastating attack that took down services like Spotify and Netflix along with business cloud services like Box and Zendesk for a time on Friday.
What this means for the cloud
Even though the attack wasn’t on the cloud services directly, it involved a key service that every website uses called the domain registry, which quite simply translates the name we type into the browser into the website’s IP address. All of this happens very quickly in the browser, so the website or cloud service you’re using appears in split seconds.
There was a high level of frustration when users went to do their work and found a key service wasn’t working. Of course, such things happen internally too, but in this case it was a highly public take-down of a bunch of key services by attacking a third-party service.
In fact, many of the sites involved were technically still up. One site published its IP address on Twitter (which was itself down for a time because of this outage) and if you entered it directly into your browser, you could still access the site.
Such outages tend to resurface the argument about whether the cloud is secure or not. First of all, let’s be clear that there was no direct breach of any cloud service through this attack. It was perpetrated on a utility service many of them use. For users, the result of not being able to access the tool was the same, but in a very real sense the sites themselves were safe and sound.
Some of the companies on AWS were affected, and shortly after the attack began, rerouted the Dyn DNS traffic to another similar service and all was right with the world, at least for them.
Jassy says cloud still safer
Coincidentally, AWS cloud head Andy Jassy happened to be appearing at the Wall Street Journal Digital event on Friday and with the outage happening as they spoke, he was asked about cloud security. As you would expect, Jassy put a positive spin on it.
As he said, cloud companies like AWS put a huge emphasis on security. Notice, the attack didn’t come on AWS directly. It came on a third-party service provider and the company was able to deal with it more quickly than most because it has the resources to bring to bear on a problem like this.
Jassy pointed out that, even though this attack wasn’t on AWS or any cloud service provider in a direct way, most companies don’t place a high priority on security. That’s because they are focused on their business at hand and IT tends to be just a service. In Jassy’s worldview, the company can outsource all of that to his company (or a competitor) and let them worry about it.
For users, who were put out of service for a time on Friday, it surely was annoying and proved the value of these services to our businesses, but it didn’t show anything about cloud security. It showed the vulnerability of the internet at large, and that is going to have an impact on everyone regardless of your computing choices.