Garmin's ransomware attack is another example of the cloud's single point of failure
In a previous post, I discussed how cloud and on-premises infrastructure are not mutually exclusive options, even in 2020 where cloud adoption continues to grow. While cloud has a lot of benefits for smaller IT departments and remote staff, it also has the inherent weakness of a single point of failure: an internet connection. Cloud services rely on a connection to the cloud service provider, and if that connection is severed due to internet loss or systems outage on the provider's datacenters, the service will become nearly or completely unavailable.
The ransomware attack on Garmin's systems in July caused many of its services to be offline for five days while the company worked to restore service. The outage was exacerbated by fact that Garmin's fitness app, Garmin Connect, is almost entirely inoperable without an internet connection. As a result, I was not able to record any health metrics or track my runs on my Forerunner 230 until systems were brought back online. Had Garmin designed the Connect app to function offline and sync data up to the cloud, I would have been able to continue tracking health data on my phone on a limited basis during the outage.
This was just one of many examples where the cloud's single point of failure, an internet connection, became an issue. I'm sure many of us also have anecdotal examples of times we've lost our Spotify or Pandora stream while driving through a rural area with limited cell service. Many IT professionals have also experienced times where ISP service outage has resulted in loss of access to cloud SaaS and PaaS platforms. While these are not necessarily reasons to abandon the cloud, it does reveal the need for mitigation measures to ensure acceptable levels of availability to these resources. These can range from installing a secondary internet line to deploying on-prem solutions to give IT more control over maintenance of the services. Whichever solution is chosen, it is important for companies to understand the risks of outages and have a business plan prepared to address these issues when they arise.