An Amazon Web Services (AWS) outage on Monday highlighted what experts call the dangers of centralizing the world’s online ecosystem into the hands of a shrinking number of tech companies. Thousands of apps and websites went dark, exposing the fragility of the internet — not just from technical glitches, but also from coordinated cyberattacks.
“Relying on a handful of major cloud providers creates serious vulnerabilities across the internet, putting whole economies and the pillars of civil society at risk,” Raphael Auphan, chief operating officer of the privacy company Proton, told Straight Arrow News. “AWS has become a single point of failure for countless businesses and essential services.”
AWS, which provides web-hosting services and storage space to an estimated 76 million websites, is believed to hold 30% of the world’s cloud infrastructure market share. Microsoft’s Azure controls around 20%, while Google comes in at 13%. In total, the three companies make up more than three-fifths of the market.
The outage, caused by a Domain Name System (DNS) error, affected services such as Slack, Snapchat, Duolingo, Hulu and Grubhub. DNS is often described as the phonebook of the internet, allowing web browsers to load websites by translating URLs, such as Google.com, into machine-readable IP addresses.
‘Concentration risk’
The internet’s backbone isn’t just vulnerable to errors. Experts warn that malicious actors could take advantage of the internet’s reliance on major cloud providers.
Unbiased. Straight Facts.TM
Amazon Web Services controls about 30% of the world’s cloud infrastructure market, while Microsoft controls 20% and Google controls a further 13%. Together, the Big Tech companies control three-fifths of the market.
“It would be relatively straightforward to take a large part of the internet offline, but it would be difficult to disable the internet entirely, as the entire way the fundamental protocols of the internet work is to route around damage,” Harry Halpin, chief executive officer of NymVPN, told SAN. “Yet most of the internet, with the exception of China and Russia, is centralized to a few large cloud providers like Amazon and Google, as well as content delivery networks like Cloudflare and Akamai.
Alexander Chamandy, founder of the information technology company Envescent, also believes “it’s easier than what many may suspect” to severely cripple the internet.
“That is to say, when you have a lack of companies diversifying their cloud presence, you have greater concentration risk,” Chamandy told SAN. “That risk played out during Monday’s outage due to a simple DNS problem internally at Amazon.”
“Could a sophisticated threat actor, such as a foreign government or organized crime group, facilitate a similar outcome?” he said. “Yes. It’s theoretically possible, whether that is through a DDoS (distributed denial of service) attack, breach to cripple critical systems, or even a kinetic attack on infrastructure.”
Critical sectors affected
AWS is used by many critical sectors, including finance, air travel, health care and government agencies. Coinbase, Delta Air Lines, Robinhood, United Airlines and Venmo were just some of the notable services affected on Monday.
Auphan, the COO at Proton, also expressed concern that the major cloud providers are all U.S.-based.
“This outage gave a glimpse of the worst-case scenario and how easily the ripples from an outage can spread globally, with disruptions across health care, banking and transportation, highlighting the danger of our global dependence on U.S. technology,” Auphan said. “Simply put, when the whole world relies on tech from a tiny number of offerings, from one country, then the whole world is vulnerable.
“The only answer for the U.K., Europe and elsewhere,” Auphan said, “is to prioritize digital sovereignty, in other words, to develop their own native services.”
While much of the attention has been placed on the major services taken offline by the outage, Auphan warns that smaller companies, which may not have the financial ability to recover, are much more vulnerable.
“Small and medium-sized businesses, unlike well-resourced corporations, are among the most at risk in these situations,” he said. “Large corporations with teams of engineers, IT specialists and well-funded communications departments can often weather the storm. But when these meltdowns happen, smaller companies that rely on the likes of AWS or Azure simply have to cross their fingers, hope for the best and pray their customers will not walk away.”
The post AWS outage shows fragile internet is vulnerable to errors, attacks appeared first on Straight Arrow News.