Confidentiality Is a Critical Component of Cybersecurity, But Let’s Not Forget Availability

I recently had the opportunity to take a public tour of an Amazon fulfillment center in Texas. It was an amazing experience and left me with a clear impression that loss of availability can have a colossal and devastating cyber impact on any organization with complex supply chains or time-sensitive customer services. We all focus on confidentiality of data, but in this case, availability took center stage.   

I visited Amazon’s SAT2, an 850,000 square foot facility in San Marcos, just north of San Antonio. They say that everything is big in Texas, but SAT2 is smaller than several other facilities in Amazon’s fleet of 110 automated warehouses in North America. SAT2 was described by our guide as a test facility where new technologies are introduced and battle tested during actual operations. If successful, these technologies are ultimately rolled out to the other fulfillment centers.

SAT2 is an amazing visual experience. Think of many robots moving in a carefully choreographed dance, nearly 10 miles of conveyor belts moving at up to 25 miles an hour, and scores of Amazon staff moving at great speed to sort, pack, and dispatch thousands of envelopes and boxes every hour. There are trucks everywhere along the perimeter of the building. Some trucks deliver items direct from manufacturers and distributors, and others transport the packed items to a distribution center for ultimate delivery to customers. Amazon has one-day Prime delivery in central Texas, as well as two-hour delivery as part of Amazon’s Prime Now program. Everything at SAT2 moves very, very fast. 

There are computers and specialized peripherals throughout the facility, and these assets control, optimize, and measure every aspect of the facility’s performance. Decision support systems instruct staff on how to stock items into large movable, upright containers, and a separate system guides staff on how to remove the right items to fulfill orders. There are thousands of yellow bins in play, and all are tracked in real time. In the packing area, one system instructs staff on the right size envelope or box to use based on the item’s weight and measurements as well as how much tape to use on the package. Highly specialized machines use puffs of air to affix shipping labels on the packages. Throughput is analyzed and optimized based on bar codes and QR codes seemingly everywhere, and the autonomous robots use QR codes placed on the floors to navigate and avoid congested areas. Screens throughout the facility report on real-time throughput as well as reported issues and problems for resolution. Our guide was proud to tell us that all the systems in SAT2 are connected to the Amazon cloud.

And that’s where my cyber brain kicked in and I got a shiver. All this wizardry and synchronization would come to a grinding halt if the systems were unable to perform their tasks or could not communicate with Amazon’s cloud to send data to be consumed by other connected systems. You may think that the impact would be limited simply to customers not receiving their items when expected, but I saw that lack of availability would have several cascading effects as well. First, fulfillment center staff would be impacted and might not be able to complete their daily tasks. For a prolonged outage, this could result in lost wages and hardship on their families. Suppliers would not be able to complete delivery of their goods to the fulfillment center, and there could be delays in getting paid for their items. Amazon’s delivery system could be impacted as well, and many are small companies or independent contractors, which could place their businesses at risk of failure or cash flow problems at the very least.

In addition to lost revenue, a prolonged outage would have a profound impact on Amazon’s brand, which is based on speedy delivery of items from “A to Z.” Inability to fulfill customer orders from one or several centers would be “page one news” and very hard to reconcile against Amazon’s slogan “Work Hard. Have Fun. Make History.” A severe outage during the busy holiday season would result in many disappointed customers and undoubtedly make history.

Although our Amazon guide was very knowledgeable about how the center operated, he was unable or unwilling to answer any of our questions regarding cybersecurity readiness or whether business continuity exercises occur. We had to assume that Amazon is taking great strides to maintain availability and continuity of business at their 175 fulfillment centers around the globe. With the recent preponderance of ransomware and its impact on availability, I saw firsthand how many people could be impacted by such an attack.

Systems are useless if they can’t perform their functions, and we’ve become increasingly reliant on computers and robots for maximum efficiency. And in the case of Amazon’s brand, these systems are critical.


How can we help?

If you have a question specific to your industry, talk with an Aite Group analyst.  Call us today to learn about the benefits of becoming a client.

Talk to an Analyst

Receive email updates relevant to you.  Subscribe to entire practices or to selected topics within

Get Email Updates