The high likelihood of falling victim to security compromises has led firms to adopt more digitally resilient strategies. Unfortunately, these measures do not address the ominous threat of natural disasters looming on the horizon. A myriad of business continuity solutions exist to mitigate the effects of natural disaster-induced downtime, but there’s no telling at the end of the day how digitally-dependent organizations will fare when catastrophic events of unprecedented proportions occur.
Recent natural disaster-induced outages serve to illustrate that most are not even poised to withstand events of moderate severity. For example, in 2014 Samsung suffered a massive fire in its South Korea Samsung SDS data center, disrupting mobile access to data stored in the cloud globally, as well as credit card services and other Samsung Smart devices’ cloud-dependent features.
A fire breaks out at Samsung’s SDS data center. Source: Skyworld / YouTube.com.
Stateside, 2012’s Hurricane Sandy unleashed floods and power outages on the NYC metropolitan area, wreaking havoc on major data centers in the surrounding regions. With providers such as InterNAP and Datagram flooded, the Huffington Post, Gawker, and BuzzFeed all suffered major outages. Only the latter was able to restore services due to its reliance on Akamai’s distributed content delivery network.
Prepping for the Big One
According to scientists, there’s a 1–3 chance that the “big one” will hit in 50 years. This would involve the rupture of the Cascadia Subduction Zone, an area seven hundred miles off the coast of the Pacific Northwest, beginning near Cape Mendocino, California and ending around Vancouver Island, Canada. An earthquake of unprecedented proportions with an estimated zone of impact covering 140,000 square miles would ensue, leaving the cities of Seattle, Tacoma, and Portland in shambles, among others.
The Cascadia Subduction Zone. Source: Wikimedia Commons.
Redmond-based Microsoft Azure and Seattle-based AWS — the two leading cloud providers by market share — are both seated in the epicenter of the would-be destruction. By and large, this makes for poor macro-scale redundancy.
Even if Microsoft and Amazon are able to maintain service availability, sudden increases in capacity demands triggered by companies migrating workloads to other AWS and Azure availability zones are likely to compromise performance severely. Vigilant organizations should therefore implement redundancy across both availability zones and cloud vendors as a crucial measure for digital resilience.
The Cost of Downtime
On its own, the cloud has always been prone to service interruptions, even without the help of natural disasters and data center fires. AWS outages attributed to load balancers in a single availability zone have taken down Instagram, Twitter/Vine, and AirBNB in the past; Microsoft Azure has suffered similar outages due to misconfigurations and bad code. And while the cost of downtime varies per organization/industry, service interruptions are expensive across the board — Amazon.com’s downtime famously cost it $66,240 per minute back in 2013. On an aggregate scale, businesses lose $700 billion a year to IT downtime, with network interruptions causing the majority of the issues, and natural disaster-induced outages of epic proportions undoubtedly pose an existential threat to countless large and small businesses alike.
A Black Swan for Cyber Risk
Cyber risk insurance coverage is instrumental to achieving digital resilience vis-à-vis natural disasters — traditional property and automotive insurance already account for such scenarios. Despite being inevitable, however, natural disasters are luckily few and far between. Insurance providers must therefore rely on tangible risk measures for determining a business’ survivability in the event of natural catastrophes. For example, has the business in question implemented proper digital resilience measures like multiple availability zones and multi-cloud deployments? Is the organization’s infrastructure designed to be adaptable and agile, or is it rigid and susceptible to breakage?
In short, nothing is immune to Mother Nature’s wrath — not even the cloud. However — like physical structures — cloud-based IT infrastructures can be designed to effectively withstand natural catastrophes, in addition to the barrage of cyber attacks and data breaches that befall the average firm daily. UpGuard’s platform for digital resilience quantifies this, providing both the requisite visibility for determining security risk as well as pragmatic measures for improving one’s digital resilience posture. Our CSTAR scoring system determines the insurability of IT assets using information regarding an infrastructure’s actual configuration state and testing habits, among others, enabling insurance companies to develop optimally-priced, customized policies per firm.