iCloud goes down: Live by the service, die by the service

Credit to Author: Jonny Evans| Date: Tue, 22 Mar 2022 08:04:00 -0700

Each time we experience an Apple iCloud, Spotify, Slack, Verizon, Google, Peloton, or any other form of server-based outage, we’re reminded that everyone should have multiple layers of backup to maintain data and work to ensure key services still work when servers go down.

Apple’s big outage on Monday allegedly saw Apple Store staff enduring failure in their internal business software. To track sales and requests they had to use pencils, paper, and a little concentration. At one point, images circulated on social media that purported to show store staff attempting to keep track of transactions while Apple’s server-based systems were offline.

Apple’s store business seems to be a server-led affair, and that’s perfectly fine. When you consider the well-oiled nature of the company’s supply chain, its operations teams most surely need to maintain a watchful eye over where product is moving through the system.

Data analytics in retail is used in far more ways than stock management. But getting deep and dirty with information gathered in stores — particularly for a multinational and omnichannel operation such as Apple’s — helps companies quickly identify and respond to product faults, security vulnerabilities, fraud, seasonal sales preferences, and more.

Such digital efficiency is why companies invest in server-based systems, though in Apple’s case it appears the company may not have put quite enough emphasis on system redundancy.

Think about it this way. What happened with iCloud affected a slew of the company’s services. App Store, Music, Arcade, Apple Pay, School Manager, AppleCare, iCloud Mail, iMessage, iTunes Store, and iWork for iCloud were all hit.

It appeared that up to 28 of Apple’s public services (and an unknown number of its own internal systems) may have been affected. The outages were resolved relatively swiftly, but did expose Apple’s lack of service-level guarantees around its consumer-facing online products.

When shopping for enterprise-focused cloud services, SLAs are among the first things IT purchasers need to see. That so many services were impacted suggests Apple may not have built enough redundancy; what should happen is if some services are impacted, others are not, because systems either automatically switch to backups, or they serve up different functions from different places, maintaining quarantine. It’s worth noting that the problem may emanate from a third-party server supplier Apple sometimes uses.

Eagle-eyed viewers will note that the problem emerged as the US and EU governments warned business users to tighten their security to protect against any state-sponsored digital attacks as the crisis following Russia’s aggression in Ukraine continues to escalate. Authentication services provider Okta reported a digital breach today, which might relate to this threat environment.

We don’t know whether Apple had a security problem. It seems unlikely, as a Bloomberg report claims the company told employees it involved domain name system/DNS problems. The extent of the error suggests those problems may have been severe.

This makes it possible an upgrade to an internal system or service went wrong, or that errors crept in as new servers were added to Apple’s network. Apple may be enhancing existing services or inserting the foundations for a new and unannounced service. Perhaps an attack attempt was made, though Apple hasn’t said so.

In a sense, why the outage happened doesn’t matter. What does matter is what it tells us about preparing for incidents of this kind.

Merely because a problem isn’t likely to occur doesn’t mean it never will. That’s why any company that relies on cloud-based systems should ensure they have contingency plans in place to guide consistent management when systems fail.

This is particularly the case in an environment of heightened online security risk. At this time, every enterprise should already be putting backup systems in place to handle the consequence of any successful attack.

It’s the smart thing to do — and consumers should embrace similar strategies.

iCloud should be one of several ways in which a person’s information is secured. Regular monthly, weekly, and daily backups using Time Machine, external drives and/or highly secure alternative file storage services online should be part of every person’s backup routine. Box, Dropbox, OneDrive, Egnyte, iDrive, pCloud, and others all offer free or fee-based storage options where you can back your data up.

Services are harder to replace, but as a rule it makes sense to ensure your essential business systems continue to work when offline, even if only partially.

While it seems inevitable that intelligence will eventually move from being server-based to becoming edge-based, it’s a journey that will take time — even Siri is only recently becoming more capable of working offline.

Meanwhile, if you live by the cloud-based service, you’ll die by the cloud-based service. So, it’s wise to build in redundancy and develop contingency plans to be as prepared as you can be when disaster strikes.

After all, if Apple’s own business systems can fail, so can those you rely on. You should already know what you’ll do when, not if, they do.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

http://www.computerworld.com/category/security/index.rss