The Outlook is Broken Clouds
Cloud computing has long been hailed as the future of software and infrastructure supply and there is no avoiding its reach. Most of the online services we know, and love, are cloud based. One fact that is not so commonly known, however, is that Amazon, via its subsidiary Amazon Web Services (AWS) is the market leader in the supply of cloud related services. Whilst the numbers are somewhat hard to come by, it is estimated that AWS controls up to 50% of the entire cloud. In essence AWS has a monopoly on cloud computing.
On 1st March, though, the perils of such a position became all too clear. AWS updated its S3 service (Simple Storage Service) and, in doing so, brought a significant part of the internet down. Current estimates are that in excess of 150,000 websites and services stopped working, or experienced very slow performance. This including very high profile services such as Strava (the fitness activity site with over 1 million daily users) and Quora (the knowledge sharing website) as well as Amazon’s own Alexa service. Somewhat ironically, the dashboard that controls the S3 service failed, as it was hosted by the AWS cloud.
The outage lasted around 4-5 hours – a lifetime on the internet. The amount of revenue that subscribers to AWS’ S3 service will have lost during the downtime will, almost certainly, have run into the hundreds of millions of dollars, if not more. Not only that it is likely that some of the services affected will, as a result of the downtime, have breached contracts they have with their customers, exposing them to claims from those customers.
It is often only when something goes wrong do we look at our arrangements and wonder what could have been done differently to mitigate against any such problem. There is a well-used adage of “nobody got fired for hiring IBM” and the same can be applied to AWS. It’s the pre-eminent cloud infrastructure provider, so no one in procurement will ever be fired for appointing AWS as a supplier, over a smaller, less known, cloud service provider. Of course, what these services are now finding is that there is likely to be no recourse against AWS for the downtime, so these companies are going to have to bear the liability burden, even though they had no control over the cloud service and whether or not it was running.
There are some lessons that can be drawn from this, though:
- Know what you are signing up for before you sign up for it. This involves understanding any service level guarantees offered by the service provider (a common guarantee will be guaranteed uptime and service credits for failing to meet the uptime guarantee);
- Tailor your customer contracts to ensure that you are only liable to the same extent that your cloud provider will be liable to you in the event of a problem. This way, you will not be left carrying liability for breaches that you cannot recover from your cloud provider; and
- Look at appointing more than one supplier and “mirroring” your setup across the two providers. In the event of a problem with one provider, the second service can be brought online, mitigating the downtime you suffer and the potential losses incurred.
As AWS rightly pointed out, as the biggest provider of cloud services any downtime they suffer is done so in a very public sphere. There is no doubt that AWS’ uptimes are still amongst the best and will continue to be so into the future. This does act as a stark reminder, though, that even the best are fallible and too much reliance on your suppliers can put you at risk if something goes wrong.
If you have any queries or concerns about any of your supply chain arrangements, whether physical or in the cloud, please do not hesitate to get in contact with Matt Jackson, associate solicitor in the Corporate and Commercial Department, who will be more than happy to help.