Cloudflare outage spotlights systemic risks in cloud resilience

A widescale disruption to online services has raised questions about the fragility of global cloud infrastructure and the response strategies employed by businesses and technology providers.

Cloudflare outage

Yesterday's outage at Cloudflare, which saw large portions of the web hit by 5xx errors after a configuration issue overloaded its traffic-engine, has heightened industry scrutiny. Cloudflare's Chief Technology Officer has apologised for the disruption, but many observers argue that repeated failures highlight wider systemic weaknesses, not bad luck.

Structural concerns

Xavi Sheikrojan, Director, Risk at Signifyd, an eCommerce platform, said, "In today's fully digitised world, an IT outage has a dire effect on businesses and consumers. With payment service providers (PSPs) responsible for servicing thousands of merchants, each of which having thousands of transactions happening every second and all of which having to be reviewed, validated and actioned appropriately, merchants can experience a backlog of transactions, opening themselves up to risk of fraud and other vulnerabilities."

Sheikrojan added, "Firewalls and other detection tools are likely to be down, giving cybercriminals an opportunity to gain access to exploit vulnerabilities, potentially resulting in new data breaches. There is a higher chance that suspicious activity and transactions that are normally automatically monitored will now slip through as fraud and security teams deal with a backlog of reviews that need to be conducted much more quickly."

Security risks

According to Sheikrojan, the interconnectedness of online commerce systems adds to the risks faced during outages. "Outages like these remind us that the payment ecosystem requires a holistic approach in transaction verification. This includes having contingency plans for these types of events, with enhanced security protocols, such as Multi-Factor Authentication (MFA), to deflect unauthorised access. Businesses also need to consider post-outage audits to identify anomalies and suspicious activity that might have occurred during the outage."

Industry adaptation

Dolores Saiz, Chief Executive Officer of the Server Labs, highlighted the increasing normalisation of such outages and the need for companies to proactively adapt their business and technology strategies.

"Incidents such as the Cloudflare outage are fast becoming the new normal. In a world built on hyperconnected services, disruptions aren't exceptional, they're expected.

"The most resilient organisations aren't the ones avoiding disruption, they're the ones designed to absorb it and trained to react. Architectural resilience leveraging multi-cloud strategies coupled with cultures that empower employees to flag risks are the foundation for this.

"The companies pulling ahead are those actively sharing threat intelligence with industry peers and government partners, treating resilience as a collective defence rather than a competitive advantage. This is the blueprint for the next decade: architecturally resilient, culturally vigilant, and collaboratively defended," said Saiz.