Cloudflare Outage Lessons: 5 Ways The Midmarket Can Survive Massive Cloud Downtime

The Cloudflare outage temporarily brought many businesses to a standstill. Here are some strategies for the midmarket to keep business running during massive cloud downtime.


Cloudflare’s outage Tuesday took down major sites including X (formerly Twitter), OpenAI and even the New Jersey transit system—the ninth largest transit system in the U.S. Now, some technology experts are sounding the alarm about overdependence on single vendors regarding critical tech infrastructure and the need for organizations to have foolproof failover plans in place for cloud outages.

The company attributed the downtime to a change in one of its database system’s permissions, it said in a blog post.

As a Content Delivery Network that offers a number of other services including cybersecurity, Cloudflare makes up a massive portion of the internet backbone, along with other CDNs like Akamai, CloudFront, and offerings from Amazon and Microsoft.

If cloud platform outages like the one with Cloudflare, and the AWS outage just weeks ago, can stop global corporations in their proverbial tracks, they can cause disastrous implications for midmarket organizations that lack the staffing and financial resources of corporate giants.

‘The Exponential Cost Of Infrastructure Monoculture’

Several industry experts weighed in on the problems with reliance on a handful of tech vendors.

“The internet was designed to be decentralized, but over time it’s become ‘re-centralized,’ with huge portions of global traffic and services depending on a few tech giants. That makes outages like Cloudflare’s far more disruptive and increasingly unavoidable,” cautioned Jim Atria, Lead Live Online Instructor at MyComputerCareer, in a statement emailed to MES Computing.

“The illusion of cloud infallibility must be retired,” said Spencer Kimball, co-founder and CEO of Cockroach Labs, in an emailed statement.

“We are witnessing the exponential cost of 'infrastructure monoculture.' When one vendor’s misconfiguration causes global business paralysis, it proves that the global digital economy is built upon a fundamental single point of failure. The only viable strategy now is to reject that fragility and architect for chaos: Resilience is no longer optional; it’s table stakes,” Kimball added.

“These are warnings about systemic fragility,” said David Utzke, who served more than a decade at the U.S. Treasury’s IRS Cyber Crimes Unit and is the current CEO of MyKey Technologies, in an emailed statement. “Several outages this year demonstrate how reliant we’ve become on these centralized networks—and how quickly that dependency becomes a vulnerability.”

5 Ways Midmarket Organizations Can Survive Massive Cloud Outages

Utzke offered several considerations and strategies for midmarket IT leaders to reduce the negative impact of major cloud outages.

While Cloudflare is a CDN, it also offers a plethora of other services: Cybersecurity, DNS, developer tools and domain registration are among the few.

According to Utzke: “These disruptions highlight the fragility of interconnected infrastructure and the widespread impact when a core provider experiences issues.”

Although Cloudflare offers numerous services, “it is not always more efficient to commingle so many complex interrelated systems under a single provider,” he said.

Instead, Utzke advises using various service providers for different needs like CDN, DNS, load balancing and security.

Instead of using a CDN’s a la carte menu of offerings, look to other providers as alternatives. Utzke suggests considering other vendors besides your CDN for services such as cybersecurity, zero trust, DNS, and development and tunneling.

“Risk assess ... systems and search for alternatives in the specific areas that are the most vulnerable when looking for alternative vendors,” he also said.

Use two or more CDN providers to serve your company’s site content.

If your primary concern is API security, a specialized platform is best. If you need content delivery but want to separate security, look at alternative CDNs or security tools,” Utzke said.

“Check if bundled security features in a CDN are redundant with your existing services to avoid paying for features you don’t need.”