Another month, another major outage at a major technology company affecting the day-to-day operations of businesses worldwide.

When we started writing this blog in the middle of November 2025, the big news regarding cloud resilience and business continuity was focused on the major (and separate) outages suffered in October by AWS and Azure, two of the big three cloud service providers.

Then Cloudflare went down, again impacting businesses worldwide. Cloudflare isn’t a cloud service provider like AWS, Azure, or Google Cloud (the third of the world’s big three cloud service providers). Cloudflare instead offers a range of performance and security services, including content delivery network (CDN) services and protection from malicious attacks. It is the latter element that suffered the recent outage.

The reason why the Cloudflare outage should be considered in the same conversation as the AWS and Azure outages is the size of Cloudflare’s footprint. According to the company, around 20 percent of traffic on the internet runs through the Cloudflare network.

Getting to Grips with the Problem Part 1 – Scale and Variety

When considering cloud resilience and cloud-related business continuity, one of the main things to consider is the scale of the problem. Not in terms of the impact, but in terms of the multitude and variety of things that can go wrong. In all three recent cases, the cause was something different:

• AWS – failure in an automated system for managing DNS records.
• Azure – configuration error in Azure Front Door (AFD), Microsoft’s CDN.
• Cloudflare – issue with its bot management system. That system relies on a file that an AI model uses to determine if traffic requests are coming from a bot. An update caused the system to start duplicating information in the file, making it much larger than normal. This led to an error in the bot management system.

In all three of the above outage incidents, the companies identified and resolved the problems relatively quickly. The impact was still significant on businesses around the world, plus it puts into sharp focus another question: what would happen to my business if an outage were longer-lasting?

Getting to Grips with the Problem Part 2 – Spiderweb of Dependencies

Another essential point to consider is the reach of the four cloud-related service providers mentioned so far in this blog (AWS, Azure, Google Cloud, and Cloudflare), as well as other major players.

An outage at AWS might not impact your IT infrastructure directly, for example, but you might not be able to access your bank or a critical application that your team relies on. Similarly, you might be able to work through relatively unscathed if Azure suffers an outage, but a critical supplier could be knocked offline, disrupting your ability to deliver on your commercial commitments with customers.

This spiderweb of dependencies on cloud and cloud-related services, especially by the main players in the market, should be a factor when considering cloud resilience and business continuity.

Building Cloud Resilience and Business Continuity Capabilities – the Technical Part

There are critical technical components to building cloud resilience and business continuity capabilities. We have covered those technical components in detail in recent blogs. They centre on transitioning to a multi-cloud or hybrid cloud architecture to ensure your IT infrastructure no longer relies on a single provider.

A useful addition to the technical part of building cloud resilience and business continuity capabilities is to put in place measures to cope with an outage at a service like Cloudflare. This can include, for example, a multi-CDN strategy, so you are not reliant on one vendor, and/or a fail-open architecture.

A fail-open architecture is where systems default to an open state if a component fails, allowing all traffic through. There are risks with this approach, so it’s essential to assess which has greater priority – continuity of operations or strict security.

Building Cloud Resilience and Business Continuity Capabilities – Broader Considerations

Building robust cloud resilience and business continuity capabilities means not only diving deep into the technical considerations but also looking beyond them. Practical steps include:

• Conduct comprehensive dependency mapping so you have a complete picture of who relies on what systems and what services those systems rely on. This includes mapping and regularly reviewing your supply chain dependencies so you understand which partners are critical and how an outage could disrupt your operations. The aim is to identify all potential points of failure, including those currently hidden or unknown.
• Conduct a detailed risk assessment and classification exercise to identify the services and systems that need the highest level of risk mitigation, redundancy, backup plans, and resilience.
• Develop and maintain a prioritized list of alternative suppliers and partners, especially for essential functions, so you can quickly switch or supplement providers during outages.
• Elevate resilience governance in your organisation, as it is much more than an IT issue. Cloud resilience and business continuity are issues that impact all areas of the business, so resilience governance should have the highest level of priority.
• Implement manual workarounds for key processes. The aim is to enable continuity of essential operations even in circumstances where automated services from disrupted partners are unavailable.
• Assess and verify the business continuity plans and disaster recovery readiness of critical suppliers, technology vendors, and partners. This can include putting robust resilience clauses in contracts that include evidence that plans are regularly tested and evaluated.
• Incorporate supplier, technology vendor, and partner risk assessments into your wider business continuity strategy, with regular simulations, reviews, and updates to address new vulnerabilities and changing dependencies.
• Document learnings from disruptions so you can update plans and communicate improvements internally and with key stakeholders.

Expert Support

Navigating through these issues is complex, so it’s important to have support from an experienced team that can challenge assumptions and build more robust cloud resilience and business continuity capabilities. We can help at Accessplc – get in touch to arrange a consultation.