If you feel like the digital ground is shaking beneath our collective feet, you’re not alone. In my corner of the cyber world, the last couple of weeks have felt less like gentle cloud computing and more like a high-altitude game of infrastructure Jenga.
The internet has coughed twice recently, and both times, the source of the ailment was disturbingly similar.
First, we watched as the Amazon Web Services (AWS) US-EAST-1 region suffered a major disruption—a single point of failure rooted, ironically, in a basic mechanism: a DNS resolution failure for the critical DynamoDB service. The blast radius was global, reminding us just how much of the world’s application and identity backbone rests on a single region of a single vendor.
The Nine-Day Warning
But here is the truly concerning part: just nine days later, the entire cycle repeated itself.
This time, the culprit was Microsoft Azure. A massive, widespread outage crippled Azure Portal access and dragged a host of vital services down with it. Users lost access to essentials like Microsoft 365, Teams, Outlook, and OneDrive, disrupting workflows for companies large and small. Even consumer services like Minecraft and Xbox were affected. The severity was so high that reputable outlets were calling it what it was: an outage “breaking the internet.”
And the core diagnosis? Once again, the issue was fundamentally centered around DNS resolution problems.
Is Infrastructure as a Service (IaaS) Fundamentally Flawed?
When the two giants of the IaaS world, the hyperscalers responsible for running the majority of global cloud infrastructure experience such catastrophic, concentrated failures in such quick succession, I am compelled to ask: Is there a problem with Infrastructure as a Service itself?
My short answer is: No. The problem isn’t the technology; it’s the concentration risk.
IaaS is not the disease; it’s the highly efficient engine that allows thousands of companies to concentrate their risk in one place. The cloud won because it lets builders deploy in minutes and scale elastically. It handles the heavy lifting. But in doing so, we have built a digital world that relies on a tiny handful of centralized chokepoints.
When a DNS endpoint for a critical service (like DynamoDB in AWS or the core routing in Azure) “misbehaves,” it’s not just one company that stalls; it’s thousands of downstream services and applications. That is the definition of a single point of failure at hyperscale. We have engineered dependency without adequately engineering resilience.
My Prescription for Resilience
The solution is not to abandon the cloud. That would be like abandoning roads because of a traffic jam. The solution is to design for the reality of failure.
- Reduce Single-Region Risk: If your entire global operation anchors its identity, configuration, or critical database to one region (like AWS’s US-EAST-1 or a single Azure region), you are operating with an unacceptable level of risk. You must run active-active or pilot-light deployments in at least two separate, non-adjacent regions.
- Decouple Critical Services: Shared services like authentication (AuthN/AuthZ) should have failover paths completely independent of the main data planes. If a regional dependency fails, your global identity system should not be impacted.
- Embrace Multi-Cloud or Hybrid: These back-to-back outages demonstrate the power of putting diverse workloads on diverse infrastructure. Relying solely on a single cloud vendor, however vast, means a DNS hiccup in that vendor can take your entire business offline. Strategic use of hybrid and multi-cloud architectures is no longer a luxury; it is a mandatory resilience strategy.
The cloud is here to stay, but the recent outages are a stern reminder that resilience has to be engineered by the user. Failure is a normal event. It’s how we architect around it that defines the future of IaaS.
Feeling lost in the digital world? I am here to help!
Join me every week in this column, Dr. Tom’s Cyber Bits and Tips, for byte-sized advice on all things cyber and tech.
Sign up for our Sunday Spectator. Delivered to your inbox every Sunday, with all the news from the week.
