Business Continuity Management / Disaster Recovery,
Cloud Data Security & Resilience,
Governance & Risk Management
Azure Outage Occurs Just Days After Major AWS DNS Disruption
On October 29, Microsoft’s Azure cloud and Office 365 systems encountered a significant outage caused by a configuration error. This incident occurred just hours before Microsoft’s quarterly earnings call and a week following a disruptive outage experienced by Amazon Web Services (AWS).
According to Microsoft’s Azure Status page, the outage stemmed from “an inadvertent configuration change,” which led to increased latencies, timeouts, and errors for users accessing Azure services. Notably, this configuration error disrupted multiple Azure offerings, including Azure Active Directory, Azure SQL Database, and several other critical services crucial to business operations.
To address the situation, Microsoft implemented a recovery plan involving the restoration of its “last known good configuration.” By late afternoon, the company announced that recovery efforts should conclude by 7:20 PM. Recovery processes for such configurations often necessitate time as traffic must be rerouted through healthy nodes to prevent further issues.
The Redmond, Washington software company reported a decline in its stock price following the disruption, falling to $523.25 in after-hours trading—a drop of 3.57%. This incident notably coincided with a time when AWS was also grappling with its own widespread outage, attributed to a misconfiguration in its DNS settings, affecting numerous applications and services globally.
In light of these consecutive outages—one from Azure and the other from AWS—organizations should examine potential risks to their own cloud services. The sequence of events raises questions about the resilience of cloud providers and the vulnerabilities that may emerge from configuration errors. Such incidents may relate to tactics outlined in the MITRE ATT&CK framework, particularly ‘initial access’ through misconfiguration and ‘persistence’ in the context of maintaining service availability amid recovery efforts.
Understandably, this series of incidents could have a cascading effect across sectors reliant on cloud infrastructure, with implications for business continuity and risk management strategies. Companies leveraging Azure or AWS need to remain vigilant against potential vulnerabilities that may arise from service disruptions as they navigate the complex landscape of cloud security.
