Posted October 25, 2016
Friday, October 21, 2016 was a wild day for netizens, particularly for social media and cloud users in eastern North America.
Dyn, a Domain Name Service (DNS) provider based in New Hampshire, experienced the largest distributed denial of services attack (DDOS) known so far. In three separate attacks on Friday, the Internet became unusable for a large portion of North America, and a smaller portion of Europe.
Dyn provides DNS management for over 6 percent of the Fortune 500, with a particular emphasis on new technology companies. A DDOS attack is similar to an Atlanta morning traffic jam. Imagine a large portion of cars on the Internet highway around the world, all decide to go to Atlanta at the same time. But to make it interesting, they all head to the same fast food drive up window first to grab some food for the road. This creates a massive backup line as Dyn tries to service requests, blocking out legitimate traffic.
A new twist – the Internet of Things
A new and scary note was the use of hacked “Internet of Things” such as web cameras and home automation devices to perform the attack against Dyn. Not only are these devices not normally built with any degree of security, but also, there is little motivation on the part of the manufacturers to fix these flaws as they don’t affect personal information like they would on your home computer. As a result, attacks like this may be here to stay.
The Dyn event was a wake-up call for call centers around the world. While the news outlets focused on the social media impact, it was noted that cloud services from companies such as Salesforce, Microsoft, Workday and others were also affected, directly or indirectly. These companies provide many of the contact center tools used by companies both in-house and with their business process outsourcers.
Whatever the motives of the attackers, the event put on display a key weakness of cloud security: Your application cloud provider may have fully redundant infrastructures in place, but their provider of services may not have the robust infrastructure to maintain their services, creating the Achilles’ heel observed.
Ask the right questions, and build a plan
In this world of interconnected services via the cloud, contact center managers and professionals should treat these events as one would with any type of major real-world storm or other natural disaster. What are your backup processes and technology in case your cloud application goes down? Can your cloud service providers provide alternate links in case of an outage? What is the speed of your response to these events, given that many times they come with no warning? Should additional cross-skilling be considered between call center locations?
At TELUS International, while several of our clients were impacted, we managed to weather the storm because we have tested business continuity practices baked into every BPO engagement. That said, no one was perfect on Friday, and it was a good reminder, even for us, to go back and review our continuity and recovery plans with our clients and importantly, their downstream providers. In any case, this was a wake call, and I’m sure many will come out stronger because of it.
This article shares just a sample of the questions that should be put together in collaboration with your internal technology teams, your cloud providers, and your business process outsourcer to ensure that your customers don’t feel like they’re left in the cloud.