
Activate DR plans now
AWS ME customers who haven’t already implemented comprehensive DR responses need to activate their plans immediately, advised Brad Lassiter, CEO at IT services company Last Tech. “Customers need to fail over to other regions and availability zones and check DNS and routing rules. Lower time to live (TTL) wherever possible so that the network can change traffic patterns as needed,” he said, adding that enterprises also need to shift to manual operations to verify high-value transactions.
Businesses looking for legal remedies to recover costs from the outages may be disappointed, said Frank Jennings, a partner at HCR Legal and a lawyer specializing in cloud law. “Most AWS users probably didn’t check their SLA for outages caused by drone strikes! Nevertheless, most cloud SLAs will expressly exclude from their uptime commitments any downtime caused by events outside the provider’s reasonable control (a ‘force majeure’ event), including natural disasters, acts of terrorism, or war,” he said.
He said, however, that definitions of “force majeure” are often vague. “Its scope depends on the specific wording of the clause in question,” he noted.
Jennings advised AWS customers (and users of other hyperscalers’ services) to check their contracts, and not to “treat cloud service agreements as low-risk commodity purchases.” The force majeure clause, the SLA exclusions and the limitation of liability provisions all warrant close scrutiny at the point of contracting, he pointed out.
Re-evaluate cloud plans
The ME attacks will certainly force many organizations to rethink their plans going forward, Kale observed. “Most enterprises pick cloud regions based on latency and pricing,” he said. “Almost nobody runs a geopolitical threat model against their region selection the way they’d run a capacity model. This week proved that your cloud region is a geopolitical decision whether you treat it as one or not.”
He noted that AWS’s own guidance is telling customers to do what they should have architected for from day one: have workload portability across regions, keep remote backups stored outside the blast radius, and have application-level traffic steering that doesn’t depend on the affected region being reachable.

