336-886-3282[email protected]
Preferred Data Logo
Schedule

Cloud Outage Resilience: Why NC Businesses Need a Plan Before the Next AWS Failure

Forrester predicts two major hyperscaler outages in 2026. AWS, Azure, and Google Cloud had 100+ outages in the past year. Learn how NC businesses build true cloud resilience.

Cover Image for Cloud Outage Resilience: Why NC Businesses Need a Plan Before the Next AWS Failure

TL;DR: Forrester predicts at least two major multi-day hyperscaler outages will hit in 2026 as AWS, Azure, and Google Cloud divert engineering investment toward AI infrastructure and away from aging legacy systems. Between August 2024 and August 2025, the three hyperscalers experienced more than 100 service outages, with one AWS event alone generating 17 million Downdetector reports. North Carolina small businesses with ERP, email, payroll, and customer-facing systems concentrated in a single cloud need a resilience plan that does not assume the cloud is always available.

TechTarget summarized the industry consensus simply: "cloud outages expected to be the new normal in 2026." For most North Carolina SMBs, that headline translates into one practical question: when AWS or Azure goes down for a day, what does your business do?

Key takeaway: Resilience is not the same as redundancy. Most SMB cloud architectures have built-in redundancy within a single cloud, but they have no resilience to that cloud's control plane, identity service, or regional failure. True resilience requires architecture decisions that most SMBs make only after their first painful outage.

Reviewing your cloud resilience strategy? Preferred Data Corporation provides cloud solutions and disaster recovery for North Carolina businesses. BBB A+ rated since 1987. Call (336) 886-3282 or request a cloud resilience review.

How often do major cloud outages happen?

Cloud outages are now multi-monthly events. According to Solved.Scality, AWS, Azure, and Google Cloud combined experienced more than 100 service outages between August 2024 and August 2025. Notable incidents include:

  • AWS - over 17 million Downdetector reports during a 15+ hour outage in 2025
  • Azure - identity and VM service disruption that exceeded 10 hours, per Network World
  • Multiple Google Cloud regional events affecting BigQuery, identity, and storage

Forrester's 2026 prediction is straightforward: hyperscalers are diverting investment away from legacy x86 and ARM infrastructure to build GPU-centric data centers for AI workloads, and that aging infrastructure is faltering. TechTarget, Rest of World, and Data Center Knowledge all point to the same trend.

Why do cloud outages hurt small businesses more than large ones?

Multi-cloud risks are disproportionately higher for SMBs because, per Solved, "the infrastructure teams are smaller, the tooling budgets are tighter, and the margin for operational error is narrower."

In practice, four asymmetries hit small businesses hardest:

  1. Concentrated dependency. Many SMBs run email (Microsoft 365), CRM, ERP, and payroll on the same hyperscaler. One outage knocks out multiple critical systems simultaneously.
  2. No second site to failover to. Enterprises maintain warm standby environments. SMBs typically rely on the cloud provider's own redundancy, which is exactly what fails during a control plane outage.
  3. Limited IT bench. A 50-person manufacturer may have one or two IT staff. They cannot work the phones with vendor support, run incident comms, and rebuild services simultaneously.
  4. Customer expectations are equal. Customers do not adjust SLAs for company size. A two-day outage hurts a 50-person manufacturer's reputation as much as a 5,000-person one's.

According to Demand Sage's internet outage statistics, SMB downtime cost averages between $5,600 and $9,000 per minute when factoring in lost revenue, recovery work, and customer trust impact.

What is the difference between cloud redundancy and cloud resilience?

This distinction is the single most important concept for SMB cloud architecture in 2026.

ConceptWhat it providesWhat it does not provide
Redundancy (single-cloud)Multi-AZ failover, automated restartsProtection against cloud-wide control plane failure
Multi-regionRegional failover within one cloudProtection against identity, IAM, or DNS provider failure
Multi-cloudWorkload portability across providersOperational complexity, cost overhead
Hybrid (cloud + on-prem)Independent control planesCapacity planning, data sync overhead
Backup-only resilienceRecoverable dataOperational continuity

Most NC SMBs assume "we are in the cloud, so we are safe." That assumption holds only for hardware failure. Identity outages, control plane failures, and regional incidents disable redundancy precisely when it is needed.

How should NC small businesses approach cloud resilience?

A pragmatic resilience program looks at four layers:

1. Workload classification

Not every system needs cross-cloud failover. Classify workloads by Recovery Time Objective (RTO) and Recovery Point Objective (RPO):

  • Tier 1 (RTO < 4 hours): ERP, customer-facing applications, payment processing
  • Tier 2 (RTO 4-24 hours): Email, internal collaboration, CRM
  • Tier 3 (RTO > 24 hours): Reporting systems, archives

PDC's RTO/RPO planning guide walks through this classification step by step.

2. Backup independence

Backups must live on a different fault boundary than the primary system. The 3-2-1-1-0 rule applied to cloud environments:

  • 3 copies of data
  • 2 different storage types
  • 1 copy off-site (different region or cloud)
  • 1 copy immutable (cannot be modified or encrypted)
  • 0 errors confirmed through testing

PDC's cloud backup strategy guide and immutable backup analysis detail how to apply this rule to AWS, Azure, and Microsoft 365 workloads.

3. Identity and DNS independence

Identity services and DNS are the most common shared failure points in cloud architectures. If your primary identity provider goes down, you cannot log into any system that federates through it. Practical mitigations:

  • Maintain a break-glass administrator account stored offline
  • Use a DNS provider independent of your primary cloud
  • Pre-stage emergency communication channels (SMS lists, alternate email)

4. Operational rehearsal

Resilience plans that have never been tested do not work. Tabletop exercises and live failover drills must run at least annually. PDC's incident response process includes scheduled cloud outage tabletop exercises so a client's leadership team has practiced decisions before a real event.

Is multi-cloud the answer for SMBs?

Multi-cloud is often the wrong answer for small businesses. The complexity, cost, and skill demands of running parallel architectures on AWS, Azure, and Google Cloud usually exceed the resilience benefit.

ApproachWhen it makes senseTypical SMB cost overhead
Single cloud + strong DRMost SMBs (50-500 employees)10-20% above baseline
Hybrid (cloud + colocation)Manufacturers with on-site OT25-40% above single-cloud
Two-cloud (active-passive)Regulated industries, sensitive data50-80% above single-cloud
Two-cloud (active-active)Online businesses with strict SLA100%+ above single-cloud

I3 Business Solutions and Cloudtech's SMB cloud trends report both conclude that for most SMBs, the right answer is "single cloud with disciplined backup independence and tested DR," not multi-cloud.

Practical resilience checklist for NC SMBs

Apply this checklist to every Tier 1 and Tier 2 cloud workload:

  • [ ] Documented RTO and RPO for each workload
  • [ ] Daily backups with immutability enabled
  • [ ] At least one backup copy outside the primary cloud region
  • [ ] Backups tested (full restore) within the past 90 days
  • [ ] Break-glass administrator account stored offline
  • [ ] DNS managed by a provider independent of the primary cloud
  • [ ] Monitoring that alerts on hyperscaler regional incidents
  • [ ] Annual tabletop exercise simulating a multi-day outage
  • [ ] Communication plan with customer-facing language pre-approved
  • [ ] Cyber insurance coverage that includes business interruption from cloud outage

Most NC SMBs in High Point, Greensboro, Charlotte, and the Triangle can complete this list with their managed IT partner in a single quarter. The cost is small. The cost of an undocumented response to a multi-day outage is not.

What about Microsoft 365 specifically?

Microsoft 365 deserves a special note because it is the most concentrated single-cloud dependency in many NC small businesses. A typical SMB runs email, calendars, file sharing (SharePoint/OneDrive), Teams collaboration, and authentication (Entra ID) on M365. A regional Azure outage that affects identity can take down all of these at once.

Mitigation specifics for M365:

  • Independent backup: Use a third-party M365 backup tool (Veeam, Acronis, Datto, Barracuda) with off-Azure storage
  • DNS independence: Manage your domain DNS at a provider other than Azure (Cloudflare, Route 53, Google Cloud DNS)
  • Communication fallback: Maintain a secondary email address (Google Workspace, Proton, even a personal Gmail for the leadership team)
  • Document offline: Keep critical incident response runbooks downloaded as PDFs on local drives
  • Test once per year: Force a controlled outage of M365 access to confirm the plan works

PDC's Microsoft 365 management includes resilience configuration as a standard part of every deployment.

What does this mean for manufacturers and OT environments?

NC manufacturers face an additional dimension. When a cloud outage affects ERP, MES, or supplier integration platforms, production stops. The cost-per-hour of stopped production frequently exceeds the entire annual cloud bill.

Specific manufacturing resilience patterns:

  • Local-cache MES. Maintain on-site copies of critical work orders, BOMs, and production schedules so the floor can keep running for 24-48 hours of cloud unavailability.
  • OT/IT segmentation. Cloud outages should not affect the SCADA layer and PLCs. Segmentation guarantees that cloud failure is contained to IT systems.
  • Hybrid ERP options. Some ERP systems support local cache and offline ordering; explore these for manufacturing-critical workflows.
  • Edge compute for telemetry. Local processing of IoT and machine telemetry preserves visibility during cloud unavailability.

Key takeaway: Cloud outages will get worse before they get better. The good news is that resilience is achievable for any size of NC business. The bad news is that resilience is built before the outage, not during it.

How Preferred Data Corporation builds cloud resilience

PDC has helped North Carolina manufacturers, construction firms, and professional services build resilient cloud architectures for over a decade. Our cloud resilience program includes:

  • Workload classification with documented RTO/RPO for every critical system
  • Independent backup architecture including immutable, off-cloud copies
  • Identity and DNS independence to eliminate single points of failure
  • Tabletop exercises that rehearse multi-day outage scenarios with leadership teams
  • Live failover drills for Tier 1 systems where downtime is intolerable
  • Cyber insurance support including documentation that satisfies underwriting requirements
  • 24/7 monitoring that detects and responds to hyperscaler incidents in real time
  • Local NC presence for hands-on recovery work when remote access is impaired

Begin your cloud resilience review today:

Frequently Asked Questions

How many cloud outages happened in 2025?

According to Solved.Scality, AWS, Azure, and Google Cloud combined experienced more than 100 service outages between August 2024 and August 2025. The largest single AWS event generated more than 17 million Downdetector reports.

What is Forrester's prediction for 2026 cloud outages?

Forrester predicts at least two major multi-day hyperscaler outages will occur in 2026 as AWS, Azure, and Google Cloud prioritize AI infrastructure investment over aging legacy systems.

Should small businesses adopt multi-cloud architecture?

Usually no. Multi-cloud architecture is operationally complex and rarely justifies the cost for SMBs under 500 employees. A better answer for most NC small businesses is single-cloud with disciplined backup independence, identity resilience, and tested disaster recovery procedures.

What is the difference between RTO and RPO?

RTO (Recovery Time Objective) is the maximum acceptable time to restore a system after an outage. RPO (Recovery Point Objective) is the maximum acceptable amount of data loss measured in time (e.g., 15 minutes of transactions). PDC's RTO/RPO planning guide walks through how to set these for SMB workloads.

Does cyber insurance cover cloud outages?

Some cyber insurance policies include business interruption coverage that extends to cloud provider outages, but coverage varies widely. Carriers increasingly require evidence of independent backups, tested DR, and documented incident response plans before approving cloud-related claims. Review your specific policy with your broker and managed IT partner.

How often should we test our cloud disaster recovery plan?

At minimum once per year for a full restore test, plus quarterly tabletop exercises and monthly backup verification checks. Manufacturing and other time-sensitive operations may need more frequent rehearsals, especially after material architecture changes.

Support