Phil A. McBride: We have broken the internet
A system designed to be distributed and resilient now has far too many eggs in too few baskets
By: Phil A. McBride
Picture this: You wake up one Monday morning, drag yourself to work, get a cup of coffee and sit down at your desk to find that Google Mail won’t open; or Microsoft Teams won’t let you in because it won’t accept your password or token; or you can’t open a file on SharePoint because the service says it is down. You call your I.T. resource only to find that your Cloud Services Provider (also known as a CSP) is down — not just for you, but for everyone in the province/country/world.
Emails won’t send, documents won’t open, collaborative messaging systems aren’t responding — hell, in some cases, your corporate phone system can’t communicate with the outside world.
As much as this is the nightmare scenario, it’s not only plausible, it happened. Last week. On March 2, 2025, at approximately 4PM Eastern, Microsoft 365 experienced an outage, locking out tens of thousands from Outlook and Teams. Businesses froze, schools lost virtual classrooms, and government offices sat idle as 37,000 DownDetector.com complaints piled up. It was a coding glitch, fixed by evening. Less than 24 hours later, a similar outage again crippled users, but this time the outage was confined to Canada.
Oh, good. So just one G7 country, not all of them.
We shouldn’t be shocked. Something like this has been brewing for a while. The Internet was originally conceived in the 1960s to be a resilient, disparate and distributed network that didn’t have any single point of failure. This is still true today. While there are large data centres around the world that aggregate traffic, we don’t depend on them. If one were to go offline, things would slow down, but the data would still flow.
The advent of the cloud, though, has completely changed how we use the Internet, especially in the worlds of business, education and government. And the cloud, alas, is not nearly as resilient.
Fifteen years ago, your average small or medium business would have their own servers. Those servers would be used to send/receive email, store files, and run various business or collaborative applications. Some of these servers may have been hosted offsite at a data centre to provide better security or speed of access, but the physical infrastructure belonged to someone — it was something you could touch and, more importantly, account for. Many companies kept their servers on site.
If a company’s server or network went down, it affected that company. They couldn’t send or receive email, they couldn’t open files, collaborate with staff or clients. They were offline.
But only they were offline.
Fast forward to today. Microsoft 365 dominates the corporate productivity services market with an estimated 45-50 per cent market share worldwide, with Google Workspace coming second, with around 30-35 per cent. This means that approximately 80 per cent of businesses are dependent on one of two vendors for their ability to transact business and communicate at even the most basic level.
Government and government-provided services, like education, health care and defence, are just as reliant on these services as the business world.
In today’s world, when Microsoft’s or Google’s services suffer a hiccup, it doesn’t affect one business. Or ten, or a hundred. Tens of thousands of business, and government offices and civil society institutions, all go offline. Simultaneously. Mom-and-pop stores, multi-billion-dollar corporations, elementary schools, hospitals, entire governments, all go out, all at once.
And we haven’t even talked about how Amazon, Microsoft and Google control almost two-thirds of the world’s web/application hosting market share. If one or all of those services go down, most of the websites you go to on a regular basis would suddenly become unreachable.
And what happens if these services don’t go down due to software failure or human error? That’s what happened with the Rogers outage of 2022. What if, instead, some enterprising state-sponsored hacking organization managed to compromise Microsoft 365 and take it offline? That is the nightmare scenario. Not only could the services be down for an extended period of time, the data you have in the cloud could be stolen.
For reasons of convenience for users and recurring revenue for the CSPs, we have created the world’s worst single-point-of-failure problem. We haven’t just put all of our eggs in one basket, we’ve put them in one basket, the basket is overflowing and we’re dangling it over a cliff.
There is also a subtler cost to this shift: autonomy. We used to be empowered to write our own digital destiny, as it were. Now, the vast majority of us are tenants in one of a few massive corporate fiefdoms. Businesses ditch on-premises servers for Google Workspace because it’s cheaper, until it’s not. Individuals store their lives in iCloud or OneDrive, trusting faceless algorithms with their privacy. When these systems fail or get exploited, we’re not just vulnerable, we’re powerless.
The vast majority of my firm’s clients use the cloud, but we also backup their cloud data to a source other than the CSP to ensure that they have access to their data should something unimaginable happen. Never, ever — and I mean never — depend on your CSP to backup your data for you. Make your own copy, and, if you can, store it on premises that you control on hardware you own. That is the very least you can do to take back even a little piece of your digital destiny.
I acknowledge that Pandora’s Box is already open and that we can’t rewind history. I further acknowledge that the cloud isn’t inherently evil — it’s a tool. However, tools wielded carelessly become liabilities. We have taken a system designed to be resilient and distributed and centralized many of its critical functions into a few core nodes that can, and sometimes do, fail or suffer attacks.
It’s hard to get attention on issues like this when so much else is happening in the world, but this is an important issue that we need to be paying more attention to … before something terrible happens. Because then it’ll be too late.
Phil A. McBride is a friend of The Line and an information technology specialist with over 25 years of experience. He owns readyIT Computing Solutions, a managed I.T. service provider in Guelph which serves clients in Ontario, Alberta and Quebec (including The Line!).
The Line is entirely reader and advertiser funded — no federal subsidy for us! If you value our work, have already subscribed, and still worry about what will happen when the conventional media finishes collapsing, please make a donation today.
The Line is Canada’s last, best hope for irreverent commentary. We reject bullshit. We love lively writing. Please consider supporting us by subscribing. Follow us on Twitter @the_lineca. Pitch us something: lineeditor@protonmail.com
Amen to all this.
The concern increasingly is not even (just) about hackers, state-sponsored or otherwise -- it is also about whether and when actual states use their autocratic power over monopolistic corporations (who have already declared fealty) to subjugate and coerce users (individual users, corporations, orgs, governments) in other countries. Until recently this would have basically meant China and its surveillance software like TikTok. Now it potentially means the Trump regime acting against Canada, Ukraine, Europe.
Excellent piece and great advice!! I have never trusted CSPs or the growing big tech monopolies, nor have I ever had faith in our governments to effectively protect people and institutions from foreign state-sponsored digital terrorists and other similar bad actors. I’m also old enough to remember when technology and internet access started to become mainstream in peoples’ homes back in the mid-late 1990s/early 2000s. Back then, technology was a largely localized tool (on individual computers or local servers) to serve OUR needs and operated entirely at OUR control. Then time went on with the inception of cloud based computing, monopolizing tech consolidations in the sector, the explosion of social media and now AI: where technology rapidly became not just an advanced tool for users, it also became a spy and a weapon for many others, including those that developed such technology. The functional use and purpose of technology today leaves users vulnerable and powerless, unlike the earlier days where users had more control. It’s indeed one of the very reasons why in recent years I made a conscious effort to become less reliant on technology, only using it when I absolutely need to, and even then I’m very minimalistic in its use, including the internet or my phone. I also happily report how much recaptured time I have acquired in my life since my disciplined and minimized approach to technology that continues to baffle every person I encounter these days, but I digress. For those not willing to take the disciplined plunge of technological abstinence as me, I’d recommend readers to do their research about which technological products and services they use or are thinking of using, carefully read their associated terms of service and privacy policies to better understand how that service works and how the service provider safeguards or uses your data, and then carefully decide if your convenience to use those services outweighs those disclosed risks.