With Halloween just around the corner, the usual seasonal mix of ghosts, goblins and ghouls is top-of-mind for many.
But if you asked cloud admins what their biggest scare was so far in 2018, you’d likely get a very different response.
From security breaches to data center outages that went bump in the night, here are three events this year that sent a chill down cloud admins’ spines.
Meltdown, Spectre cause major security fears
Not even a full month into 2018, cloud admins got their first big scare of the year: the Meltdown and Spectre security flaws.
The two vulnerabilities affected Intel, AMD and ARM chips, which power a wide range of computers, smartphones and servers – including servers within the data centers of major cloud computing providers, such as AWS, Azure and Google.
To quell customers’ fears, these providers moved quickly to issue statements, and implement the necessary patches and updates to protect the data hosted on their infrastructure. AWS, for example, issued a statement the first week of January that said, aside from a single-digit percentage, all of its EC2 instances were already protected, with the remaining ones expected to be safe in a matter of hours.
Ultimately, while cloud admins still had to perform some updates on their own, the providers’ swift response to implement patches and take other steps against the vulnerabilities went a long way to mitigate the risks.
Service outages leave users in the dark
No one likes when the lights go out — and cloud admins definitely don’t want to be left in the dark when it comes to their IT infrastructure. But during a stormy night in September, a data center outage took nearly three dozen Azure cloud services offline, including the Azure health status page itself.
While Microsoft restored power later that day, some of its cloud services remained non-operational up to two days later. To prevent a similar scare from happening again, Microsoft has looked into more resilient hardware designs, better automated recovery and expanded redundancy.
That said, Azure users weren’t the only ones haunted by an outage this year. In May, Google Compute Engine (GCE) network issues affected services such as GCE VMs, Google Kubernetes Engine, Cloud VPN and Cloud Private Interconnect in the us-east4 region for an hour. Additionally, in March, AWS’ S3 in the U.S.-East-1 region went offline for several hours due to human error during debugging.
The cold chill of compliance requirements
In May, the GDPR compliance deadline loomed over cloud admins whose businesses have a presence in Europe. Many were definitely spooked by the regulation’s new compliance requirements, and feared facing hefty fines if they failed to meet them.
Admins needed to assess their cloud environments, find appropriate compliance tools and hire staff, as needed, to meet GDPR requirements – all by the May 28 deadline. The good news? Any company who felt like a straggler in terms of meeting those requirements, certainly wasn’t alone.