Risk Management: Lessons from the Cloudflare Outage

Cloudflare’s recent outage knocked many websites offline for several hours, and like last month’s AWS outage, this Forrester Research blog says that it offers several lessons on Cloud resilience. Here’s an excerpt:

This outage, like the AWS and Azure ones last month, is a flashing warning sign for every enterprise with heavy single-cloud and SaaS dependencies for their core business workflows. Becoming resilient means doing the following:

– Use a multi-CDN architecture: Spread your risk — don’t let one provider be your single point of failure.

– Employ failover DNS and secondary security layers: Keep your business running, even when your main provider stumbles.

– Expand to broader observability: Deploy heartbeat monitoring and observability tools that track the health of all your third-party dependencies — cloud, SaaS, and beyond.

– Architect for Zero Trust and network segmentation: Make sure your internal systems can keep humming, even if the outside world goes dark.

 – Use chaos engineering/resilience hypothesis testing: Do A/B tests to determine how your digital services would be affected if a core service you depend on fails, then use the output of those tests to decide how to improve your resilience posture.

The blog says that companies should also complete a vender risk assessment incorporating a regular review of service level agreements and incident response drills, undergo complete business continuity planning, and select more resilience-oriented venders and address remediation costs when acquiring a new service.