Most Businesses Still Don’t Have a Real Redundancy Strategy
This week’s Cloudflare outage served as a stark reminder of how fragile modern digital operations can be when organisations rely too heavily on single-vendor architectures. As Cloudflare faltered, large portions of the internet stalled. Websites froze, authentication requests failed, ticketing platforms became unreachable, and countless integrations simply ceased to function. For many organisations, the disruption was immediate and severe. Yet the deeper issue is not that Cloudflare experienced downtime, but that thousands of businesses were swept into the outage because they had unknowingly built their entire digital ecosystem upon a single point of failure.
This incident revealed a persistent misconception in the SME landscape -
the belief that cloud services, by virtue of their scale and reputation, are inherently immune to failure.
Cloud platforms are undoubtedly resilient, but they are not invincible. Even the most advanced providers experience outages caused by routing issues, misconfigurations, upstream carrier problems, or unexpected infrastructure faults. When an organisation assumes that major platforms will always be available, it unintentionally transfers critical operational risk onto infrastructure it does not control. Outsourcing technology does not eliminate responsibility. You cannot outsource accountability for continuity. A business that believes otherwise is operating on hope, not strategy.
For many SMEs, Cloudflare is woven into their operations at far deeper levels than they realise. It does not simply act as a content delivery network; it frequently manages DNS, performs DDoS mitigation, routes traffic, supports Zero Trust access, underpins SaaS vendor authentication, and provides critical networking functions for their suppliers. When Cloudflare stopped working, businesses quickly discovered just how dependent they were. Websites vanished. Remote staff were unable to authenticate. PSA and RMM tools time-out out. Client communication channels froze. In some cases, the failure of Cloudflare cascaded into failures across multiple business systems because everything, from websites to ticketing platforms to authentication flows, relied on routes that passed through a single vendor.
The outage highlighted an uncomfortable truth, many organisations do not have a genuine redundancy plan. They have theoretical documents rather than operational capabilities. They have “secondary” systems that were never configured and thus cannot actually take over during an outage. They have backups that exist but cannot be restored within a reasonable timeframe. They have failover processes that have never been tested and alternative workflows that staff have never practised. They have identity systems with no fallback, DNS hosted solely on one provider, connectivity managed through a single upstream, and cloud authentication that becomes impossible to bypass during provider downtime. The absence of redundancy does not become visible until the moment it is needed, and by then it is too late.
A real redundancy strategy requires much more than simply having cloud tools in place. It demands intentional architecture built around diversity, optionality, and failover capability. At the network layer, organisations must ensure that internet connectivity is not reliant on a single provider or a single upstream network. True resilience is achieved through diverse links that can automatically take over when the primary fails. At the DNS level, redundancy is equally important. DNS should never be hosted solely on one provider. Secondary DNS services must be configured, synchronised, and actively tested so that the organisation’s domain remains reachable even when a major DNS provider experiences a global outage. Identity and access resilience must also be part of the design. Businesses should have controlled fallback policies, offline authentication routes for essential personnel, and alternative access mechanisms to ensure that a single vendor outage cannot lock their entire workforce out of critical systems.
Redundancy must also extend beyond infrastructure into operational workflows. Key business systems should have alternative access paths and offline capability where appropriate. Communication channels should not rely on a single application or a single connectivity pathway. Staff should know precisely how to continue their work when cloud-based systems fail, and these procedures should be rehearsed rather than merely documented. Resilience is created through design, testing, and validation, not merely the presence of tools.
This week’s outage proved that many organisations believe they have redundancy until the moment they attempt to use it. Redundancy that has not been tested is functionally equivalent to having no redundancy at all. Failover plans only become meaningful when they are exercised in real conditions. Organisations must be willing to simulate outages, validate alternative routes, and confirm that business-critical functions can operate under degraded conditions. This is not a technical luxury; it is a business requirement.
The Cloudflare outage should serve as a call to action for leadership teams. If a single vendor’s failure can disrupt your organisation’s operations for hours, then the issue is not the outage, it is the strategy. Resilience must be treated as a commercial priority, not an IT checkbox. Effective redundancy protects revenue, maintains client trust, preserves operational continuity, and prevents reputational damage. It is one of the most powerful safeguards a business can invest in, yet it remains one of the most neglected.
This incident has demonstrated that operational resilience is now a critical component of business governance. Redundancy is not merely a technical consideration; it is a competitive advantage and a survival mechanism. Organisations that build diverse, resilient, validated architectures will always experience less downtime, recover more quickly, and protect their operations more effectively than those who rely on large vendors and assume uninterrupted service.
If you would like to assess your organisation’s resilience, map your dependency risks, or develop an effective redundancy strategy tailored to the realities of modern digital operations, ICT Broker is available to advise independently and objectively. You are welcome to reach out at info@ictbroker.co.za