What Does The Recent AWS Outage Mean For IAM?
On Tuesday June 13th, Amazon Web Services (AWS), Amazon’s cloud computing division, suffered a significant outage. This interruption, which stemmed from an issue with a service known as AWS Lambda, disrupted various major websites.
Effects of the AWS Outage
What would your business do if critical systems were unavailable for hours?
For businesses relying on Amazon Web Services (AWS), this was a reality for over four hours on June 13th. While the outage was quickly resolved, many businesses were affected. The Metropolitan Transportation Authority’s website and app were down, impeding transportation in New York City. Southwest Airlines tweeted about the difficulties some customers faced when accessing their website. The Boston Globe could not publish high-priority news surrounding Donald Trump’s court appearance in Miami.
Many other businesses noted authentication issues and sign-on errors for employees and customers.
Preparing For an Outage
When an outage occurs, a company’s business continuity and disaster recovery plans (BCDR) are tested.
While these concepts are often discussed in conjunction, they perform different but essential functions. Business continuity focuses on keeping a business operational during a disaster event. Disaster recovery focuses on returning business operations to normal. Both plans are necessary to ensure minimal disruptions during an event and a quick recovery time.
During normal operations, Identity and Access Management systems (IAM) provide businesses with a reliable way to manage user accounts and identities. But when disaster strikes, IAM systems are impacted. This was especially evident in the AWS outage due to the authentication and sign-on errors customers noted.
To minimize these issues, an effective BCDR plan should consider IAM.
Including IAM in Your BCDR Plan
When including IAM in a BCDR plan, there are two significant considerations.
First, evaluate which accounts and services are essential and formulate a plan to support business continuity for these accounts and services. Then, consider a method for identifying the outage and returning business systems to normal. Using multi-region support, redundant systems, regular back-ups, and security best practices are all effective ways to ensure business continuity and minimize disaster recovery time.
AWS Outage and The Importance of Redundancy
The June 13th outage was not the first issue AWS experienced. In particular, the US-EAST-1 service has been especially problematic. This site experienced outages in November 2020, September 2021, December 2021, and was the location of the most recent outage. In an attempt to increase availability, Amazon created a new AWS support console in August of 2022. This new console utilized regional redundancy to ensure AWS support was always available. However, all support tickets for North America were fed through the US-EAST-1 site.
So when this site went down on June 13th, many customers could not contact support, further exacerbating outage-related issues.
The Importance of a BCDR Plan
The recent outage of AWS affected many businesses and customers.
It emphasizes the importance of creating a BCDR plan and not solely relying on provider availability.
Additionally, it illustrates the importance of redundancy to avoid a single point of failure. No matter the providers a company uses, it’s paramount to create a BCDR plan and include IAM in this plan. A BCDR plan should not be a static document. Regular reviews should be scheduled so the plan can be updated to reflect changes in business needs and applicable systems.
Depending on your business needs, partnering with a cloud service provider can ensure greater availability than your business alone can provide. A cloud service provider can also provide additional support during an outage to ensure faster disaster recovery. The most recent outage of AWS put many businesses’ BCDR plans to the test. For businesses without such a plan, it is a stark reminder that an outage can occur anytime. It’s essential to be prepared.
Is your BCDR plan ready for an outage event?
