April 23, 2011

Amazon Crashes: Oh No; More on Third-Party SLAs


The sky is falling!

Or maybe it’s just the clouds… regardless, this week’s crash of Amazon’s Elastic Cloud Compute (EC2) is simply incredible. One of the largest and most reliable cloud providers in the world DIED. Redundancies failed. And, unfortunately, this calls into question many cloud services and what this means for the future adoption of these very beneficial technologies.

This brings me back to a few more third-party SLA elements that I overlooked in my previous post after the Epsilon breach. I read a recent Mashable article that points to the repercussions of this episode, and what it means for many cloud or SaaS startups – things you should consider before even thinking about engaging with them:

  1. The importance of having a multi-tenant architecture that is fully redundant is underscored.

    The article cites that “most startups don’t have the time or resources to engineer for multiple cloud systems.” If I’m spending my company’s money on a SaaS provider, I’m going to be asking about their redundancy and getting reassurances that those will not fail when I need them most.
  2. Is their architecture ISO 27001 certified?

    This important international standard evolved from BS 7799. ISO 27001 requires that organizations: systematically examine the organization's information security risks, taking account of the threats, vulnerabilities and impacts; design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and adopt an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.

Now, I know security is different from resiliency, but by going through the intense ISO certification process, companies are illustrating an investment in the platform that is critical to ongoing performance. Also, don’t forget to ask about historical uptime from any providers (especially startups), and a check with their reference customers is absolutely mandatory. You absolutely need this combination of security and resiliency guaranteed if you don’t want to be called into the boss’s office the next time one of your providers goes down, because this incident proves it CAN and WILL happen.

If it can happen to the largest providers, who have presumably made significant investment in resiliency, you can be sure that it WILL happen to small and start-up providers. Make sure you ask the questions, and check out my other third-party SLA tips here. Any other tips to add? Feel free to include them in the comments below.


Forcepoint-authored blog posts are based on discussions with customers and additional research by our content teams.
