Cloud Burst?

March 01, 2017, Jeremy Gibbons, AWS Channel Lead, Coalfire

The cloud can burst!? This week’s AWS service disruption showed us the importance of architecting a system to account for failure, and how to be successful when deploying your solution in the cloud.

Our unique position working with Cloud Service Providers as the leading Third Party Assessment Organization (3PAO) for the FedRAMP program provides a perspective that can help organizations account for service disruptions. Coalfire has facilitated and completed 2x more FedRAMP assessments than all other 3PAOs combined; which equates to 252 FedRAMP assessments, 75% of all assessments conducted to date.  As part of being an Amazon Web Services (AWS) Advanced Consulting Partner with Government Competency, we understand the importance of architecting robust and highly-available solutions.

A common misconception is that the cloud is “always up”. This is a dangerous falsity.  As the cloud is basically a group of servers and network infrastructure, it is still susceptible to errors and faults, and is therefore not always guaranteed to be up. This is why it is important to understand that loss of availability is always potentially imminent. AWS is upfront and transparent with SLAs about potential service disruptions.  AWS has also published multiple whitepapers providing best practices for mitigating the loss of a systems’ availability for end users.

At Coalfire, our cloud architects engage in designing for failure, security, and compliance from day zero.  Websites and services hosted on AWS can avoid being impacted by region-specific AWS issues in various ways.  For example, we have previously executed an active-active multi-region system capable of withstanding major disruption such as the one on 2/28/17. For that solution we levered AWS services including Route 53, S3 with cross-region replication, DynamoDB Streams and Elastic Load Balancing (ELB) for internal fault tolerance.

There is a silver lining in this dark cloud event. Consumers of AWS services have the opportunity to take some lessons learned, and rethink how they are architected in the cloud.

Jeremy Gibbons

Author

Jeremy Gibbons — AWS Channel Lead, Coalfire

Recent Posts

Post Topics

Archives

Tags

2.0 3.0 access Accounting Agency AICPA Assessment assessments ASV audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act careers CCPA Chertoff cloud CoalfireOne Compliance credit cards C-Store Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Ed Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror Incident Response interview IoT ISO IT JAB JSON keylogging Kubernetes Vulnerability labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA DSS PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA RSA 2019 Safe Harbor Scanning Scans scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky Spraying Attack SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi wireless women XSS