100+ Cloud Outages in One Year. Where Was Your Security?
Between August 2024 and August 2025, AWS, Azure, and Google Cloud combined for over 100 documented service outages. That is not a typo. Three providers. One year. A hundred-plus disruptions.
The industry tracks these events through the lens of uptime SLAs and revenue loss. Reasonable metrics for business continuity. But there is a question nobody is asking: what was your security posture during each of those outages?
If your endpoint detection, SIEM, or threat intelligence runs in the cloud, then every provider outage is a window where your defenses degrade or go completely blind. Your endpoints do not turn off during a cloud outage. They stay on the network. Still processing traffic. Still exposed. But the tools monitoring them are unreachable.
The numbers are bad
In October 2025, AWS suffered a 15-hour outage affecting 4 million users and over 1,000 companies. A DNS resolution failure in US-EAST-1 cascaded across services. Fifteen hours. That is an entire business day, plus overnight, where any cloud-dependent security tool relying on that region was degraded or non-functional.
Later that same month, Azure went down and took Microsoft 365, Xbox, and the websites of Costco and Starbucks with it. In June 2025, a Google Cloud and Cloudflare outage lasted multiple hours, bringing down Spotify and Discord.
These are not edge cases. They are the pattern.
Average outage duration by provider (2024-2025)
| Provider | Avg. Duration | Notable Incident |
|---|---|---|
| AWS | 1.5 hours | Oct 2025: 15h DNS failure, 4M users, 1,000+ companies |
| Google Cloud | 5.8 hours | Jun 2025: Multi-hour outage, Spotify + Discord down |
| Azure | 14.6 hours | Late 2024: 50-hour disruption |
Read that Azure row again. An average of 14.6 hours per incident. If your cloud-based EDR or SIEM runs on Azure, that means roughly 14.6 hours of degraded security monitoring every time Azure has a bad day. And Azure had a lot of bad days.
In late 2024, Azure experienced a 50-hour disruption. Fifty hours. That is over two full days where any security tooling dependent on Azure infrastructure was operating in a degraded state, if it was operating at all.
The security gap nobody tracks
Outage postmortems focus on what you would expect: root cause analysis, SLA credits, service restoration timelines. Business impact gets measured in lost revenue and customer frustration. All valid.
But nobody publishes the security impact. No outage report asks: how many endpoints lost monitoring coverage? How many threat alerts were delayed or dropped? How many hours of log data were never ingested? What adversary activity occurred during the blind window?
100+ outages in one year means 100+ windows where cloud-dependent security tools were degraded or non-functional. That is not a theoretical risk. It is an operational reality that the industry is choosing not to measure.
It is getting worse, not better
Forrester predicts at least two major multi-day hyperscaler outages in 2026. Not minor service degradations. Multi-day events affecting core infrastructure.
The question is not if your cloud-based security will go down. It is how many times per year. And whether anyone was watching when it did.
TechTarget frames it directly: cloud outages are "the new normal" heading into 2026. If outages are the new normal, then periodic security blindness is the new normal too. That should concern anyone responsible for a security program.
The architecture problem
This is not a vendor quality issue. AWS, Azure, and Google run some of the most sophisticated infrastructure on Earth. The problem is architectural. When your security tooling depends on infrastructure you do not control, your security posture inherits every failure mode of that infrastructure.
Cloud-dependent security means your threat detection is only as reliable as your cloud provider's uptime. And their uptime, as we now have 100+ data points confirming, is not 100%.
On-premise security runs on hardware you control. It does not phone home. It does not degrade when a DNS resolution fails in US-EAST-1. It does not go blind for 50 hours because a hyperscaler had a bad week.
Every cloud outage is a security gap. The industry tracks them as availability events. Start tracking them as security events.
Security tools that run on your infrastructure, monitoring your endpoints, processing your data locally, do not have this failure mode. They do not depend on a third party staying online. When the cloud goes down, they keep watching.
That is not a sales pitch. It is physics. Software that runs locally continues to run locally regardless of what is happening with an external cloud provider.