On December 15, 2021, AWS servers and data centers across its US-WEST-1 and US-WEST-2 regions went down, affecting an enormous number of users. This was the first in a series of multiple outages for these regions, which created connectivity and availability issues for AWS customers and users. In addition, services like Zoom, Okta and Salesforce that relied on these regions were also down, ultimately impacting business operations for companies worldwide.
When cloud servers go down, it’s more than just annoying. It’s also potentially dangerous. When servers are down, guards are down as well. The confusion, lack of information and inability to easily communicate, combined with non-operating security controls, can lead to chaos and turmoil. Cyber attackers can exploit such a situation through a variety of methods. Unless they are extremely careful, organizations could be subject to heightened security risks during these times.
Here are a few ways organizations can become vulnerable during cloud server downtime:
Non-functioning Security Controls that Create Risk
Organizations that depend on cloud-based security measures are rendered shieldless if cloud infrastructure is unavailable. When the cloud server goes down, so does the service.
For example, if an organization uses a VPN vendor or service that is based on AWS, and AWS servers crash, the organization no longer has a VPN. This means that users will either not be able to access the network – creating connectivity issues – or that users will be provided insecure access to the network and its data, which attackers can exploit as well.
In addition, some security controls operate through local agents that report to a centralized command center in the cloud. In case of downtime, attacks will be prevented but the organization will lack visibility and data about them – and might not even know they occurred!
Phishing Attacks that Exploit Confusion
When servers are down, employees and users immediately begin looking for solutions that will let them keep working the way they are used to. Attackers can exploit this confusion by sending phishing emails related to the outage and containing malicious links. For example, “informing” employees to click on a certain link as a way to gain access to back-up services.
Employees Exposing Data Externally
When services are down, employees are pressured to continue working. Therefore, they find alternative, non-secure methods to communicate. This includes saving documents on third-party sites like DropBox, sharing items through their personal email or connecting to public Wifi. These methods could potentially expose confidential data if these public networks are not as secure as the company’s internal one. As a result, attackers can more easily access sensitive corporate information.
3 Questions to Ask Your Security Provider About Cloud Infrastructure
Security vendors that are dependent on a single cloud provider or region are vulnerable to its stability. They are only as reliable as the cloud vendor they depend on. For you and your organization to be secure, you need a security provider that:
- Provides all services
- Is available at all times
- Doesn’t lose any information
This means you need to find an infrastructure-agnostic security vendor that supports all clouds without relying on a single one of them.
Here are three questions to ask your security provide to ensure this level of security and stability:
1. Which cloud providers do you work with?
Does your security vendor rely only on AWS, Azure or GCP (or any other)? Make sure your security vendor doesn’t work only with one cloud provider. Instead, ensure cloud redundancy by choosing a security vendor that provides services across all clouds. That way, even if AWS goes down, you will still get security services that are based on another cloud provider.
2. Can you automatically switch between cloud providers and regions?
Having the ability to work with multiple cloud providers is not enough. There also must be a mechanism in place that enforces automatic switching should the need arise. By ensuring that the security provider automatically switches between cloud providers, you can rest assured that even if a certain server goes down, you will continue to receive service with zero downtime and without losing a packet of information.
If, on the other hand, the switching takes place manually, then there could be a gap between the realization that the cloud server is down and when the security service is back up and running on another cloud provider. During this time, you are vulnerable to attacks and could be losing valuable information.
Automatic switching is also important between regions across the same cloud provider. When a server fails, automatically transferring service to another region ensures zero downtime and a seamless experience for you, the security provider’s customer.
3. Can you operate on your own infrastructure?
Occasionally, when a certain cloud server is out, an organization will want its security vendor to operate independently, without relying on any cloud. In such a case, the security vendor needs to have its own backbone, which will enable it to continue to perform and protect its customers. To ensure your security is not dependent on any cloud provider at all, ask your vendor if they can provide this element of service.
Zero Trust and Cloud Provider Redundancy
Zero trust is a security mechanism that protects critical applications by authorizing users through methods like SSO and MFA. No user is permitted access to any application until they are authorized. To ensure your zero trust solution is operating at all times, choose a vendor that:
- Provides zero trust across AWS, Azure, GCP and all cloud providers
- Automatically switches between regions and cloud providers to ensure zero downtime
- Has its own infrastructure and can provide services without any cloud provider
The Cyolo ZTNA 2.0 solution meets all these criteria and more. To learn how we can improve both security and productivity at your organization, schedule a personalized demo.