Zscalers Cloud-Based Cybersecurity Outages Showcase Redundancy Problem

  /     /     /  
Publicated : 23/11/2024   Category : security


Zscalers Cloud-Based Cybersecurity Outages Showcase Redundancy Problem


While fewer cloud providers are suffering outages, customers should prepare for the uncommon event, especially when relying on cloud services for security.



When cybersecurity software-as-a-service offerings are impacted by an outage, it can result in a significant disruption, especially if the service protects business-critical portions of a firms infrastructure. 
In the past two weeks, for example,
outages
at cybersecurity services firm Zscaler resulted in latency, packet loss, and outages for some businesses. On Oct. 25, a traffic-forwarding issue
caused disruptions
and packet loss to some of the cybersecurity providers regional customers. The previous week, the company
warned clients
that they could experience packet loss due to damage to a transoceanic cable near France.
Unfortunately, many companies werent prepared. Took down entire company for several hours this morning, one IT security engineer
said on Twitter
of the impact on his firm.
While outages of any cloud service can have a dramatic impact on business operations — an Amazon Web Services outage in December 2021
took down swaths of the web for hours
, for example — cyberdefenses often have a favored position within a companys infrastructure, making an outage more impactful. A business software-as-a-service (SaaS) application typically only impacts its own user base, whereas cybersecurity SaaS services can often have impacts across applications.
A Zscaler spokesperson stressed that the impact of the outages were limited, affecting only one of the five clouds and only one of the firms service offerings. In addition, only a small subset of customers encountered any degradation of services. But the situation points out that companies need to be prepared for such outages, even if rare, says Merritt Maxim, vice president and research director for security and risk at Forrester Research.
Zscaler is not the first cloud outage and won’t be the last, either, he says, adding: Cloud products and services are not necessarily more susceptible to outages than on-prem equivalents, [but] the issue is often that because of this perception, organizations do not properly assess all possible causes of cloud outages and develop mitigation plans in response to these threats.
Indeed, the Zscaler incidents are not unique. In October 2020, an
outage affected Microsoft Azure AD
, the companys SaaS identity and access management service, blocking businesses and users from connecting to their applications. A year later, a
six-hour Facebook outage
blocked many users —
including some businesses
— from using the companys single sign-on technology and slowed many websites when scripts relying on the companys service failed to run.
Overall, there has been a reduction in the number of significant outages among cloud services, with 60% of operators saying that they have had an outage in the past three years, down from 78% in 2020, according to
survey results published by the Uptime Institute
.
And compared with on-premises cybersecurity software and appliances, cloud-based services are nonetheless more reliable, says Jim Reavis, CEO of the Cloud Security Alliance, an industry organization.
Mature cloud providers, including those with cybersecurity offerings, operate much like public utilities that provide on-demand services to large customer bases, he says. They are generally very reliable, which is why their intermittent failures, like public utilities, are newsworthy.
For that reason, the two disruptions weathered by Zscaler stand out — as does companies unpreparedness for them.
Things will happen as long as humans and nature are involved, says Misha Kuperman, senior vice president of cloud operations and ecosystem at Zscaler. He adds, With the right tools, we can deliver more reliability and work around such incidents, as we have done on multiple occasions.
Businesses also should ensure that they realize the cloud security and reliability is a shared responsibility model. Cloud providers — including cybersecurity services based in the cloud — are responsible for their infrastructure, but companies should architect their cloud or hybrid infrastructure to handle outages.
Companies that know their cloud vendors architecture will be better prepared for outages, says CSAs Reavis.
It is important to understand how the provider achieves redundancy in its architecture, operating procedures including software updates, and its footprint of global data centers, he says. The customer should then understand how that redundancy satisfies their own risk requirements and if their own architecture takes full advantage of the redundancy capabilities.
Business customers should also regularly re-evaluate their technology landscape and risk profile. While network and power failures — and natural disasters — used to dominate resilience discussions, malicious threats such as ransomware and denial-of-service attacks are often more likely to dominate discussions today, says Forresters Maxim.
Understanding the evolving risks and their respective impact on business is an imperative to prioritize the risks that youd want to mitigate, he says. A business impact analysis conducted with internal teams allows you to create tiers for application criticality that help determine if the default resilience of cloud services is enough — or if you need a more robust solution.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Zscalers Cloud-Based Cybersecurity Outages Showcase Redundancy Problem