Experts weigh in on security risks of Microsoft Azure outage
Microsoft Azure has suffered a significant outage, and security experts are now highlighting the particular implications of the outage for organisations' defence mechanisms.
Rob Demain, Chief Executive Officer of security firm e2e-assure, explained that the Azure Front Door (AFD) outage compromised access to a range of Microsoft services, including Copilot for Security, IDAM, Purview, and Microsoft Sentinel. Security Operations Centre (SOC) teams rely heavily on these tools.
"Microsoft has reported that the outage was caused by an 'inadvertent tenant configuration change' within Azure Front Door (AFD) - a premium Microsoft service used to improve customers' security, availability, scalability and performance. This is likely to be a 'user error' or 'automation error', i.e. something similar in nature to what caused the CrowdStrike outages."
Demain noted that the architecture of AFD offers limited workarounds when such outages occur. "Due to the way it is implemented, the suggested workaround would remove the 'shield' but this would dramatically reduce security so there's not much customers can do other than wait for the outage to be resolved; using AFD is considered 'best practice' and is exactly the type of service enterprises who value business continuity turn to."
Removing the protective layer during an outage risks exposing customers' resources to attackers, effectively undermining security postures. Demain warned that the outage itself could serve as an opportunity for hostile actors. "Conceivably an outage such as this is the perfect smoke screen to attack an organisation by removing their ability to detect the attacks - i.e. security teams were prevented from accessing their tools, and also prevented from taking remediation actions due to these services not being available. Nation states and criminal groups could look at this outage and develop strategies to launch attacks that could have national economic consequences and economic resilience."
Multi-cloud complexity
There is an increasing consensus that a diversified infrastructure strategy could mitigate some of the risks associated with single-provider dependency. However, Demain highlighted the technical challenges in replicating services like AFD across different platforms. "While a multi-cloud strategy, or one that combines cloud and on-premise infrastructure, can reduce dependence on a single provider, services like AFD aren't easy to duplicate across multiple platforms. They're specifically designed to deliver resilience across multi-cloud and on-premise environments on their own."
The consecutive outages at AWS and Microsoft Azure have added urgency to ongoing discussions among policymakers and industry leaders about how best to secure critical national infrastructure. As debate continues, the resilience and sovereignty of the UK's digital backbone remain under scrutiny.
UK impact
The outage is also raising questions about the reliance of British critical infrastructure on US-based hyperscale cloud providers following a similar incident involving AWS the week prior.
The Azure outage, attributed to an inadvertent configuration change within the Azure Front Door (AFD) service, disrupted operations for a number of organisations in the UK, including those in the public sector and major financial services. AFD is designed to enhance security, availability, and scalability for enterprise customers, making its failure particularly impactful.
Concerns over dependency
The incidents have prompted industry voices to highlight the risks associated with the current concentration of cloud infrastructure within a handful of US providers. Mark Boost, Chief Executive Officer of UK-based cloud firm Civo, questioned the wisdom of relying on platforms that are both physically and administratively distant.
"Two of the world's biggest cloud providers have suffered major outages in the space of a week. It's a wake-up call for governments and enterprises alike: why are so many critical UK institutions, from HMRC to major banks and airports, reliant on infrastructure hosted thousands of miles away?"
Boost emphasised the issue of digital sovereignty, stating, "When incidents like this happen, digital sovereignty means having control, and right now, too much of ours is outsourced. The concentration of cloud power among a handful of US hyperscalers creates fragility at the heart of our economy. A single configuration error outside our borders shouldn't be able to ground flights at Heathrow or disrupt parliamentary systems in Scotland."
While he acknowledged that local hosting alone would not eliminate the risk of outages, Boost argued that the essential threat was the fragility caused by the dominance of a few platforms. "The past week has made one thing clear: resilience cannot come from dependency. We need to invest in a diversified, domestically governed cloud strategy and ensure critical applications are distributed across more than just the top three providers. Policymakers must rethink procurement, fund sovereign alternatives, and make resilience a baseline requirement - not an afterthought."