Azure's bad night fuels fresh calls for cloud diversification in Europe As Azure staggers back to its feet following an hours-long outage last night, British and European businesses are questioning their reliance on Microsoft's cloud infrastructure. UK retailers Asda and Marks & Spencer were among those affected, as was Dutch Railways, with the group's online travel planner and ticket purchasing …
Yes, let's repatriate our data to the UK and Europe.
That way the US "Cloud Act" won't enable Trump and co. to peer over the government's and others shoulders.
Oh, it's also a good idea because you won't have to travel so far to kick a few arses when the the whole thing goes tits up.
It seems that the USA potentially no longer needs to actually physically invade a country to bring down governments and inflict regime change: they can just bring down their parliamentary voting systems instead (who on earth thought that it would be sensible to outsource - and presumably remotely host - something as mission-critical as that?!!).
The outage prompted a postponement of debate over land reform legislation that could allow Scotland to intervene in private sales and require large estates to be broken up.
A senior Scottish Parliament source told BBC News they believed the problems were related to the Microsoft outage."
There will have been change management however too many believe just having a change management process means disaster is avoided.
This is rubbish as all change management does is assign responsibility when everything goes titsup. It does little to improve quality.
You can engineer as many tests as you want to prove that you have done due diligence. The aim being to pass tests that get you through a CAB.
@hoola:
The aim being to pass tests that get you through a CAB.
If a person can bullshit their way through a Change Approval Board with skimpy and/or irrelevant tests, your business or organization has (at least one) systemic failure: the one which put the wrong people on the CAB.
Or you could (drumroll please) Host critical systems internally so you are not reliant on a company that don't care one little bit about you to not screw up and leave you without a working system. Sure there are specific systems where some form of cloud may be the correct solution, but in the end it's the computer of someone who don't give a beep about you and your data/system.
I suspect the issue is one of capex versus opex. Building your own ADC costs capital and our fellow counters of the beans don’t like that, I believe. Pushing it to opex as buying a service makes the balance sheet less up and down. Same reason UK Gov went for PFI all those years ago. Capital comes from someone else’s bucket so no longer their problem.
But then this happens as the techs always said it would. “reliance on big cloud providers”? Actually, reliance on any outsourced infrastructure. If you can’t kick it, you can’t control it.
I doubt this is the case as this is the point of a P&L.
You can spread the capital out over time in the P&L so you don't see those highs and lows.
In my experience, the reason for this shift was quite often that earlier it was cheaper to do with the service than the on-prem option due to adoption oriented pricing. Now people are addicted, the pricing is not so preferential, so it might be a good time to dig out the cost comparison spreadsheets.
I'd also wager that a good number of these migrations to cloud were driven by CIO egos wanting to get this onto their CVs...
> so it might be a good time to dig out the cost comparison spreadsheets
And don't forget to factor the costs of outages both past, present and what they could be in the future based on them not getting better as the cloud infrastructure gets bigger and more complicated.
Yes it can go TITSUP on-prem but at least you can get your hands on it and have people to kick encourage nearby.
You forgot that when asking for new cloud services, you have to make a request, have it approved by your manager, then since he won't see the automated mail by his manager, who will ignore it so the request will be cancelled, repeat the process 2 or 3 times, then have the guy managing the licenses approve the request (if he sees the mail), then have the new licenses purchased at the beginning of next purchase period (anything between 2 weeks and 6 months), ... and then have the license applied to your system, if your are not dead yet.
. . how you should fucking get back to managing your own systems with your own admins and stop depending on the pipe dream of someone else's server.
Yes, I'm an old curmudgeon nearing retirement. Call me boomer, I don't care. You deal with the fallout if you're so smart.
Also, while trying to refresh my memory of what a likely Reg newsgroup name would be like, I came across this:
RFD: Remove comp.unix.user-friendly
Date: Fri, 10 Oct 2025 10:21:57 EDT
RATIONALE:
Last activity in 2009
If there is need for discussion, more general groups can be used.
If even the (metaphorical or otherwise) greybeards have gone away…!
(In all honesty, I'm surprised that (m)any people would be still using usenet at all these days. It sadly (mostly) stopped being useful for me (apart from a few excepted groups which somehow still maintained strong communities), and became completely swamped with spam, and new users stopped arriving, a looong time ago…)
> In all honesty, I'm surprised that (m)any people would be still using usenet at all these days. It sadly
> (mostly) stopped being useful for me (apart from a few excepted groups which somehow still
> maintained strong communities), and became completely swamped with spam, and new users
> stopped arriving, a looong time ago…
I believe the inflection point was when it was taken over by Google.
Sad but not unmerited. JD may have been one of the first, but there are many other webcomic authors from that era still going strong.
Of course the politicians responsible for this mess could not find their own loopback addresses with both hands, as Miranda could assure them.
I take your point, but we take a hybrid approach.
- We develop our systems so that they are completely independent of the proprietary dev tools of the big 3 (Azure, AWS, and Google Cloud). They are therefore completely provider independent and portable.
- We have VMs spread across multiple service providers in multiple geographic locations.
- We mirror systems across multiple service providers and locations
We don't have to build our own redundant hardware infrastructure, but we get all the benefits of being in total control of our systems. No per transaction charges so costs are predictable and considerably less than on prem. Scaling up or down is easy. You don't have to be able to touch metal to have control.
The reason that people use the proprietary dev tools of the big 3 is that it's very quick and very cheap to build a lot of functionality. But you're then completely locked in and over the barrel with your trousers around your ankles. But hey ... nobody ever got fired for using Microsoft (or Google, or AWS).
Potentially a hot take here, but I don't think the cloud has necessarily made things less reliable than they used to be. Online systems frequently had outages before the cloud came along. I think what the cloud has done has increased awareness of it because a significant chunk of businesses have an outage at the same time, rather than it being isolated incidents that, by themselves, weren't particularly news-worthy
Yes there were outages, but one config change at a company on the other side of the world was unlikely to take you and half the internet down with it.
I don't think most people actually complain about uptime, but the absurd fallout when something do go wrong.
It should also be considered to be a very vulnerable single point of failure, with cost benefit ratio that would make any analyst salivate if a hostile nation / organization want to cause maximum disruption.
I can't think of any cloud offering that guarantees better uptime than what many companies had before it came along. But it costs money to create and maintain good infrastructure.
I have seen sites, and whole cities go dark when connections are inadvertenly pulled or cut – I remember 2001. But colocation and content delivery networks – admittedly a kind of cloud – did a great job at mitigating such risks.
But it was really the startup culture going mainstream that caused all the problems. "Suddenly" companies were serving millions of users from their garage with just a couple of people. You can imagine how more than a few CFOs got excited by this, along with many investors in both startups and "cloud" providers: monopsodies are now a real threat to competition. Just ask nVidia, OpenAI, ARM, Microsoft, Google, Anthropic and Amazon who actually pays for what.
You're 100% correct. Pretty much no one had better uptime than what AWS has exhibited over the past decade - and if they did it was mostly just luck because you can design and test your entire IT infrastructure for 5 9s but no one actually GETS 5 9s in a complex system in the long run because human error eventually fucks it up.
As you say, you probably won't hear about it if UPS goes offline for an afternoon and delays shipments, at least not unless you are waiting on a package. But if UPS is one of thousands of companies taken down by a cloud outage it makes the news all over the world.
I don't agree. When I think of the massive expansion of mobile telephones at the start of the millennium, this was done on systems that could not afford downtime and there are many similar examples. It was done, but at a cost.
Cloud providers are essentially offering opex versus capex and are promising savings through automation and cheaper labour costs. But the real costs are dependence on a single supplier and the loss of data sovereignty, which will only be realised when they become necessary.
Wasn’t the entire selling point of cloud computing that this sort of thing could never happen? The industry promised near-mythical uptime, automatic failover, and endless redundancy - all so businesses wouldn’t be crippled by local outages or rogue server updates. Yet one “tenant configuration change” at Microsoft was enough to take down swathes of Europe’s retail, transport, and communications infrastructure. The great irony is that the cloud has become the very thing it was meant to replace: a brittle, centralised system where a single slip (or a cleaner) can bring half the internet to its knees.
No, those were side-promises. The entire selling point was that the vendor promises 18% savings on the customer's current costs. My friends in the "advisory" industry assured me that 18% was a magic figure - big enough to make the CFO's pupils dilate, small enough that the vendor could deliver at that price for a couple of years before hiking prices through the remainder of the contract. They were equally clear there were rarely any cost savings - a customer big enough to attract sales attention from a hyperscaler or outsource provider would by definition be big enough that they'd have realised most of the economies - efficient procurement, an existing overhead base (HR, security, legal etc), big enough that there's no people split across multiple jobs, or fractional FTE. Even so, the hyperscalers had a modest cost of sales advantage, eg on DC design, costs of failover capacity, yet that was always more than eaten up by margin, sales costs and technical setup costs.
Corporate memory has an event horizon of three years, so by the time the client was being reamed out, they'd long forgotten what it cost to provide themselves, moreover the route to re-insource your IT is very heavy on front end costs, hence the CFO would veto it.
Kind of, but a lot of the promises on savings are that everything is opex and not capex. No (or far fewer) servers, lower costs on power and cooling and potentially fewer IT staff as well.
The day will no doubt come when a much bigger outage than this, or last week's AWS outage, or another CrowdStrike will destroy faith in cloud computing, and at that time the industry won't be able to adapt the other way quickly because so many firms are deprecating on-prem products.
I worked compliance at my last company. Dealt with many enterprise corporations & their "compliance" regimes.
First-party compliance is a box-checking stay-out-of-jail exercise. The requirements are not revisited in decades, the data is copy-pasted or sometimes outright fabricated. In theory, in the event of a reportable breach, someone could go back into the documentation and find the discrepancies, but we're talking a 6 9's event. Did the feds penalize UHC or any of their employees or officers? What about Cloudstrike? Microsoft?
Third-party compliance is, from the vendor's point of view a sales & marketing exercise.
Just by diverting resources, compliance is regularly at odds with security. Due to the peculiarities of the regimes, third-party compliance pressures vendors to be less secure.
Having been supply side to a bank, the banking regulators have been saying to them for some time that they have to diversify their usage across clouds.
The concentration risk of all banks being on so few providers is a systemic risk, not just a risk to an individual banking provider.
The UK online bank Monzo have apparently done pretty much that, having created an emergency holographic bank in case they need it (and, more to the point, have actually used it on occasions): "Please state the nature of the banking emergency."?
[Yes, I know the original is an EMH, but EHB seemed to phrase better…]
At the company I work for, we are moving to a system that supposes that at any time the computer is connected to the Internet, otherwise a user can't even log on his computer.
The fun thing is that if for any reason the computer is disconnected from the network while the user's session is locked, then it is not possible to log back in... only a local account can be used (if there is still one active, because of course security doesn't like this kind of setup).
I am waiting to see what will happen we the global rollout is performed by the end of 2025...
> “… pressing for a domestically governed cloud strategy”
no, just NO.
Keep government involvement well away from this, unless we want a project that takes five years, costs 10x more than it should, is redundant and dated by the time it’s ready or is cancelled by the next government to take power.
Corporate entities need to sort this out themselves by diversifying their hosting strategies and stopping relying on a single big tech solution.
There’s room for a middleman here, a seamless cloud service which uses multiple big tech clouds in order to orchestrate an effective redundancy solution.
The reason big tech have become so dominant is due to our increasing reliance on big data. That is only going to become more prevalent.
Most corporate entities simply cannot afford to rollout the required infrastructure and maintain it, it’s not their core business.
The idea of freeing themselves from big tech via self hosting is unrealistic.
If they have the in-house tech skills to architect a solution where multiple cloud providers provide an effective redundancy solution, that’s great, then it’s down to working out the cost implications.
The reason big tech have become so dominant is due to our increasing reliance on big data. That is only going to become more prevalent.
Most corporate entities simply cannot afford to rollout the required infrastructure and maintain it, it’s not their core business.
The idea of freeing themselves from big tech via self hosting is unrealistic.
But that's not what they're doing. They're doing things that are extremely realistic. To say "it's impractical to self-host big data" rather misses the point that even for very large businesses, the total requirement to self-host your key productivity/business services runs to - at most - a couple of racks of hardware. Crikey, you can host thousands of mailboxes from a single 1U server. Obviously it would be preferable to have some redundancy and backups(!) - but we're not talking hyperscale compute here. It's actually an underwhelmingly small estate.
Also, On-Prem/Colo-ing your core business functionality doesn't mean you can't selectively use cloud for big data/analytics. But that's a tiny proportion of your workforce.
Email, Filesharing, LDAP/AD - there's simply no need to bundle all that into Google Workspace or M363 except that the right people have been wined and dined.
Schleswig-Holstein migrates 30k state workers off Exchange/Outlook to Open-Xchange/Thunderbird. (The state began rolling out LibreOffice as its standard office software last year)
Austria's Federal Ministry of Economy, Energy and Tourism (BMWET) migrates 1200 users to Nextcloud in 4 months. (Albeit hybrid, with Teams still available for external meetings).
Denmark's Digital Ministry is replacing Microsoft services with LibreOffice and Linux.
France bans Whatsapp for govt workers and mandates self-hosted Tchap service (Matrix).
Bundeswehr moves to a Matrix-based messaging platform
At the end of the day, 1200 staff on 365 Business Standard is £11k/month - and realistically, some portion of them are on Premium, or E3/5, so you're actually looking at ~£25-30k/mo just to Microsoft - nevermind your own helpdesk payroll.
£350k/yr buys you a stack of basic mail and file servers (which will last 3-5 years), with more than enough left over to hire some additional in-house admin staff (because it's not like M363 frees you of the need for in-house helpdesk). And it keeps the lawyers happy since cloud was being deemed incompatible with both GDPR and NIS2. It's not all about money.
Matthew Hodgson» The trouble with big centralized systems," he said, "be it Microsoft Azure, AWS, Microsoft Teams, Signal, Slack or Zoom, is that they suffer global outages because they have single points of failure. True resilience comes from decentralization and self-hosting.
My worry is that data-centres will become targets in their own right, whether it be from locals whose area & quality of life has been destroyed by an insensitive & uncaring multinationals, from eco-terrorists looking for an apparently easy target, from people whose electricity bill is massively high (and I'm looking at the Irish here) or other diasaffected groups.
Now, if only Instagram, X or TikTok are taken down, few will suffer (and many young women will have their lives eased) but how many hospitals or other institutions necessary for our quality of life are dependent on data centres? We will learn the hard way once the data centres start shutting down more frequently.
This post has been deleted by its author
The many issues that come with relying on Google / Micros~1 for critical services really ought to be blindingly obvious to infrastructure engineers, especially here in Europe. We desperately need home-grown alternatives that are compatible with our laws and values. It's nice to see Element's CEO weighing in here; Element is a brilliant example of exactly the kind of initiatives that are needed. They deserve our support. Longer term I would like to see an EU law that makes it a requirement for all public bodies to use open source software, except in those cases where only proprietary solutions exist - for reasons of transparency, democracy, accountability, security, economy and innovation. See for example LiMux.
There once was an analogy about putting all your eggs in one basket, but somehow, the newer generations of manglement decided they could do it better and simply declared that the next generation eggs didn't suffer from the problems that legacy eggs did and it was all good now - purely because they said it.
Guess what -- they were wrong.
Don't get me wrong, a lot of the cloud concepts are great, but sharing the ideas will allow the size of fault domains to be reduced as more people deliver in a similar manner. They might even teach you a trick or two when you missed something that was obvious to them. This is after all how we evolve with technology.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
