This year’s ‘biggest breach’ articles were an unfortunate roll call of tech giants and prominent cloud providers, from IBM and Apple, to GitLab and AWS. CNN termed 2017 the ‘year that nothing seemed safe’, as it explored how businesses and public sector organisations alike were let down by security failings. While Uber, understanding the public scrutiny that cyberattacks attract, tried to pay off its hackers, only to cause further problems.
The growing issue for tech firms is that most of these lists and round-ups go beyond discussing financial losses that reach into the hundreds of millions. They also readily showcase the potential fallibilities of cloud. And how vulnerabilities in cloud services and businesses can disturb the working lives of customers across the world.
Every single time a cloud outage happens, end users are let down, service is disrupted and reputations are damaged. So as cloud changes and becomes an integral part of the ecosystem of every major global business, it’s vital that providers stop the tide of damaging outages, and place as much emphasis on availability and backup for customers as they do growth and acquisition. That is tomorrow’s cloud battleground.
The evolving cloud market
Cloud provision is a vast and growing market. Forrester estimates that it’ll be worth $178 billion in 2018 (up from $146 billion in 2017) and things are getting fiercely competitive. For all that, it remains the case that AWS is dominant, with some experts predicting ownership of approximately 35% of the market. Meaning that prominent incumbent brand name providers and ambitious newcomers are all competing for comparatively small portions of the pie.
This explains the ambitious business growth and customer acquisition plans many providers have been executing over the past couple of years. A spate of recent mergers (including ANS acquiring Webantic and McAfee taking on Skyhigh) demonstrates how leading tech firms are trying to diversify their cloud offering and strengthen their arm in a market that’s demanding more and more.
The question everyone involved in cloud has to answer, however, is how do you support the customers who are already on board?
Hits and losses
Last year Verizon suffered a breach that resulted in the personal data of six million customers being leaked online. The cause? A misconfigured setting on a cloud server owned by a third-party.
That’s six million people (potentially more) unhappy with Verizon. Then Verizon itself unhappy with a vendor. And the media swirling around all of them, with questions aplenty and blame to apportion.
Similarly, when GitLab suffered a database outage, 5,000 projects and 700 customers were affected (according to their own postmortem statement), causing huge problems for a sizeable chunk of the provider’s user base.
The problem for CSPs is that expectations around the quality and availability of cloud services are on the rise. Countless individuals and businesses are placing their trust in specialist cloud service providers, and they expect their data, tools and applications to be stored securely and available precisely when they need them to be.
The upshot of those expectations is that errors, such as those encountered by Verizon and GitLab, quickly become viewed as unacceptable. Businesses let down by cloud partners are liable to take their custom elsewhere. While individual customers who suffer availability issues and have projects derailed by issues with their CSP are likely to do the same.
Breaches, outages and hacks can quite easily lead to the flight of enterprise and SME customers (particularly as provider switching gets easier and competition fiercer). So it’s up to CSPs to ensure that their service will not let customers down.
Better backup, better cloud
As it becomes more important to differentiate in the cloud provision market, one of the primary areas a CSP can sell itself is in making assurances about service availability, data protection and backup. In other words, removing the risk of things that let customers down and make the news in the process (as much as possible).
For example, were Verizon’s unfortunate cloud partner to have had a cloud backup solution decoupled from its primary infrastructure, perhaps the human error that led to the six million user leak might not have had such profound consequences. Similarly, had GitLabs’ data been supported by an immediate database recovery solution, those 5,000 projects might have remained on track. While, on the smaller end of the spectrum, if HitChat’s cloud tier had been better supported, service disruption might not have been so bad after the service was hacked.
Of course, it’s easy to provide wisdom with hindsight. But these counterfactual examples of what might have been are all about giving CSPs the best chance to survive problems with their service in the future. And helping them to retain the customers they have worked so hard to acquire.
In the simplest terms, we can’t do anything about the hacks that continuously disrupted 2017 now. However, we can learn from them, so that 2018’s ‘biggest outages’ lists might be harder to compile. And when the solution to so many of the biggest challenges in technology is simply harnessing the power of cloud backup to support cloud provision, it seems foolish not to take some positive action.