A recent outage involving Cloudflare has exposed the vulnerabilities and far-reaching effects that arise from the concentration of internet infrastructure among a handful of major providers. Several industry leaders have issued warnings about the systemic risks and operational challenges tied to the increasing dependence on these platforms.
Centralisation risks
Critical internet infrastructure has become increasingly centralised, creating situations where a single operational incident can have sweeping impact. Tony O’Sullivan, Chief Executive Officer, RETN, said:
“We’ve aggregated ‘failure domains,’ meaning a single operational fault at one of these providers can now silence a significant portion of the internet.”
O’Sullivan highlighted that the focus on mitigating persistent threats, such as distributed denial-of-service (DDoS) attacks, has led to widespread adoption of application-layer proxy services from major providers like Cloudflare. These solutions protect individual websites but also introduce new systemic risks.
Widespread disruption
Douglas Wadkins, Chief Technology Officer of Opengear, pointed to the immediate and severe consequences of disruptions to such large-scale services.
“Yesterday’s outage is another stark reminder of how dependent global systems have become on a small number of critical internet infrastructure providers. These providers power essential background services for many websites, so any disruption causes these sites to stop working immediately.”
Wadkins noted that businesses experience lost revenue, damaged consumer trust and extensive operational disruption even if outages last only a few minutes.
Automation challenges
Automation, while increasingly prevalent, also brings new vulnerabilities if incorrectly managed. Wadkins said:
“Automation is great and as we move towards agentic operations we’ll see even more benefit. But the importance of an independent management network grows exponentially as an agent can’t walk into a conference room if something goes sideways to talk to its peers.”
He also pointed out that common errors in automation processes – such as neglecting canary and blast radius checks – can exacerbate the impact of faults when large segments of the infrastructure depend on a single provider.
Manual or slow recovery processes following outages can mean resolution is protracted, with technical teams often struggling to identify and remediate faults in a timely manner. Wadkins explained:
“For example, if a major routing or service pathway goes down, teams may face long delays just trying to reach affected systems and stabilise them to restore normal function. With AI workloads adding more potential points of failure to the equation, both the length of downtime and risk of widespread disruption increase drastically.”
Resilience strategies
O’Sullivan advocates for more robust, multi-layered defensive strategies, moving beyond a dependence on a single provider.
“This outage will shape new strategies for true digital resilience – Multi-Layer Resilience that accepts no single point of failure. This means complementing security with network-layer DDoS protection provided by core backbone infrastructure to filter massive volumetric attacks on the edge of the network, before this traffic reaches destination, and deep network security with strategic redundancy: implementing Multi-DNS for an unbreakable global address book, and utilising Multi-CDN failover to rapidly shift traffic to a different infrastructure partner during any service disruption. This layered approach ensures maximum availability while preserving the performance benefits of all providers,”
said O’Sullivan.
Operational preparedness
Wadkins called attention to the importance of independent and rapid access to management systems during incidents to minimise disruption. Outages can quickly escalate with broad consequences for economic activity and digital communication.
He said: “The ability to access systems remotely, isolate the cause and remediate quickly is what stops a single point of failure from spiralling into a widespread outage. In our hyper-connected world, where global supply chains and digital networks are deeply intertwined, even brief disruptions can have far-reaching economic, operational, and geopolitical consequences in an already fragile climate.”
