It’s been a rough couple of weeks for the internet. First, Google researchers revealed a serious vulnerability that was causing private data to be leaked from some websites supported by Cloudflare. Then, other Google researchers announced that they had broken the popular encryption algorithm SHA-1. Finally, just when you thought your faith in the internet couldn’t sink any lower, an Amazon data center in Virginia started having problems Tuesday, causing major outages for a number of sites that rely on the company’s popular Amazon Web Services infrastructure.
At this point, we practically expect that whatever personal information we enter into websites will be stolen. But this is different. These incidents point to weaknesses in some of the most ubiquitous and trusted brands (and algorithms) in technology—thousands of organizations and millions of people rely on Cloudflare, Amazon Web Services, and SHA-1 every day. And, in fact, part of the point and promise of using cloud computing services, like Amazon Web Services, is to ease the burden for every individual company owner and website operator.
Cloud computing essentially means using servers that are provided and managed by a company, like Amazon, Microsoft, Google, or Oracle, to store and process your data. It’s popular for lots of reasons—for one thing, it gives customers a lot of flexibility in terms of how much computing power and storage they need because these massive cloud providers can pretty easily scale up their resources to meet periods of heavy demand or use. This makes for more efficient (and even, potentially, more sustainable) use of computing power, since thousands of different users can share the same set of servers. It also means that those users can outsource a lot of their security, reliability, and maintenance concerns to their cloud provider. So instead of thousands of individual website operators trying to secure individual little caches of user data and keep their sites up and running, you end up with thousands of websites all relying on Amazon to do those things for them.
On the whole, from a security and reliability standpoint, this is usually a good thing. Amazon, like most other major cloud providers, has invested in both resources and very talented security engineers to ensure that its infrastructure is well protected and resilient. Without a doubt, it does a better job at providing security than most of their customers would be able to do on their own.
But nobody’s perfect, and when you’ve got thousands of customers all relying on a single service provider and something does go wrong, it’s no longer a small isolated incident. Instead, it’s huge swaths of the internet suddenly becoming inaccessible, as they did on Tuesday.
In the wake of that outage, some people were quick to point out that the internet was deliberately designed to be decentralized specifically so it would not have single points of failure that could take out huge parts of the network. Centralizing everyone’s computing in the massive data centers of the major cloud service providers means that those companies do, indeed, become single points of failure. Very secure, reliable single points of failure, for the most part, but certainly not infallible ones.
So does cloud computing make the internet more secure and reliable? Yes and no. The individual customers of Amazon Web Services is probably less likely to get compromised or experience outages than they were when they were handling those issues on their own. That means fewer small-scale security and reliability problems affecting individual businesses and being handled by relative amateurs. (Incidentally, it also probably means fewer ripe targets for the amateurs of the criminal world. You probably won’t get far taking on an Amazon or a Microsoft unless you know what you’re doing.)
On the other hand, even as the smaller-scale, more distributed outages and interruptions decrease, the potential for really widespread, crippling problems that affect millions of people simultaneously will grow. Those problems probably won’t be frequent because we’ll be in good hands—but we’ll all be in the same hands, which creates some new risks.
That’s not to say cloud computing makes for a less secure or reliable internet than a very decentralized one. On the whole, it raises the level of protection for everyone—and makes the work of adversaries considerably harder by forcing them to try to outsmart very savvy companies that have a lot of resources to devote to security. But it also means that on the rare but inevitable occasions when those companies fail us it may feel like the entire internet is under siege.