Cloud outages, their financial costs, and multi-cloud failover strategies.
"The internet is down."
Twenty years ago, that just meant restarting a router somewhere. Today, it’s a bit more complicated. When AWS, Azure, Google or Cloudflare have a bad day, it can feel like everything stops working, from your favorite streaming service to your banking app.
We often accept these outages as just part of life on the internet. But for businesses, they are expensive, and often preventable.
The Real Cost of Downtime
It’s easy to brush off a few minutes of downtime, but the costs add up faster than you might think. It’s no longer just an inconvenience; it’s a major financial hit.
Recent analysis from 2024-2025 paints a stark picture:
The Minute-by-Minute Cost: The average cost of IT downtime has risen to roughly $14,056 per minute.
The Big Picture: This adds up to a staggering $400 billion annual drain on the world’s largest companies.
The Hourly Burn: For large enterprises, losing connectivity can mean burning through $1 million per hour. In critical sectors like finance or healthcare, that number can jump to over $5 million per hour.
The "Nines" of Availability Translated to Annual Downtime
| Availability % | "The Nines" | Max. Annual Downtime | Max. Daily Downtime |
| 99.0% | Two Nines | 3.65 days (87.6 hours) | 14.4 minutes |
| 99.9% | Three Nines | 8.76 hours | 1.44 minutes |
| 99.99% | Four Nines | 52.6 minutes | 8.64 seconds |
| 99.999% | Five Nines | 5.26 minutes | 864.00 milliseconds |
| 99.9999% | Six Nines | 31.56 seconds | 86.40 milliseconds |
There is also a big gap between what we pay for and what we actually get. We often aim for "Five Nines" (99.999% uptime), which allows for only about 5 minutes of downtime a year. But in reality, many organizations experienced a median of 77 hours of downtime in 2024.
If the cost of being offline is higher than your monthly cloud bill, it’s time to look at better options.
The Two Metrics That Matter: RPO & RTO
To plan for outages, you don't need to be a wizard. You just need to answer two simple business questions. These are your "failover" metrics:
RPO (Recovery Point Objective):
The Question: How much data can you afford to lose?
How it works: This is measured in time. If your RPO is 24 hours, you are saying, "I am okay with losing a full day's worth of data if we crash." If you need to lose zero data, your system becomes much more complex and expensive because you have to save data in two places at the exact same instant.
RTO (Recovery Time Objective):
The Question: How quickly do you need to be back online?
How it works: This is about speed. Can your business survive being offline for 4 hours while engineers fix things? or do you need to be back up in 4 seconds?
Strategies: From Basic to Robust
How do you protect yourself? Think of it like a ladder of safety. Each step up costs more, but offers more protection.
1. Multi-AZ (Availability Zone)
What it is: Running your app in two different buildings within the same region (e.g., two data centers in Northern Virginia).
The Good: If one building loses power or has a hardware failure, the other takes over.
The Bad: It doesn't help if the whole region has an issue. If
us-east-1goes down (like the massive outage we saw in October 2025), both buildings go offline together.
2. Multi-Region
What it is: Running your app in two totally different places (e.g., Virginia and Oregon).
The Detail: This is a solid disaster recovery plan. If a hurricane or a bad software update takes out the East Coast, your application keeps running on the West Coast.
3. Multi-Cloud
What it is: Using two different providers entirely (e.g., AWS and Google Cloud).
The Detail: This is the safest option. It protects you against "vendor risk", like if a provider has a global billing error or a security meltdown. It ensures that no single company's failure can take your business offline.
Deployment Styles
Active-Passive vs. Active-Active
Once you pick your location, you have to decide how they run:
Active-Passive: One site works, while the other sits waiting as a backup. It’s cheaper, but failover isn't instant, it might take a few minutes to "wake up" the backup site. This is the general Failover strategies
Active-Active: Both sites work at the same time. It’s more expensive (you pay for double the capacity), but if one fails, the other is already running, so users often don't even notice a glitch. But this is extremely difficult due to the split brain problem i.e the data syncing between completely different parts in the world.
How to Actually Build This
Running an app on two different clouds sounds hard because they use different tools. AWS uses one language, and Google Cloud uses another. We solve this by using "Abstraction", basically, using tools that hide the differences so you don't have to worry about them.
1. Containers (The Box)
The Problem: Code that works on a developer's laptop often breaks when moved to a server because the environments are different.
The Solution: We put the app in a Container (using Docker). Think of it like a shipping container. It packages the code with everything it needs to run. If the container runs on my machine, it is guaranteed to run on AWS, Azure, or Google Cloud.
2. Kubernetes (The Manager)
The Problem: Managing hundreds of containers by hand is impossible. You can't manually restart them every time one crashes.
The Solution: Kubernetes (K8s) is a tool that manages the containers for you. You simply tell it, "Keep 5 copies of my app running at all times," and it handles the rest, scheduling, restarting, and scaling them. It works exactly the same way on every cloud provider.
3. Terraform (The Blueprint)
The Problem: Clicking buttons in a web dashboard to set up servers is slow, boring, and prone to human error.
The Solution: Terraform lets you write code to build your infrastructure. You write a "blueprint" file, and Terraform commands the cloud provider to build the networks and servers for you. It ensures your setup in AWS looks exactly like your setup in Google Cloud, without you having to manually configure each one.
4. Route 53 (The Traffic Controller)
The Problem: You have clusters running in AWS and Google Cloud, but how do users know which one to visit?
The Solution: We use AWS Route 53 as our global traffic director. It sits above everything else and guides users to the right place using two clever record types:
Weighted Records (For Active-Active): This lets us split traffic evenly. We can tell Route 53, "Send 50% of the people to AWS and 50% to Google Cloud." If one side gets slow, we can dial it down to 10% or 0% instantly.
Failover Records (For Active-Passive): This is our safety switch. We set AWS as "Primary" and Google as "Secondary." Route 53 constantly checks the health of AWS. The moment it detects a crash, it automatically flips the switch and sends all users to Google Cloud.
Disclaimer: True Multi-Cloud Redundancy
A Note on Single-Provider Dependency: While Route 53 is robust, relying on it exclusively technically leaves you with a single point of failure: AWS itself. If you require absolute, provider-agnostic resilience, you need a multi-vendor DNS strategy.
You can achieve this by splitting your nameservers between Route 53 and a second provider (like Cloudflare or NS1). Since Route 53 doesn't support standard zone transfers, use tools like OctoDNS or Terraform to push record updates to both providers simultaneously, ensuring you stay online even if one provider goes dark.
Conclusion: Normalizing the "difficult"
We need to normalize multi-cloud deployments. For too long, the industry has accepted a convenient blame structure: if the cloud provider is down, we shrug and say, "There’s nothing we can do." We move on, and users wait. Because multi-cloud is complex, vendor lock-in has become the comfortable default.
But "it's too difficult" is not a valid engineering constraint. All worthwhile engineering problems are difficult until they aren't.
Consider where we started: a single VPS running a startup command coupled with hundreds of lines of brittle bash scripts. If you had shown those engineers Kubernetes, it would have looked like a monster on steroids, unnecessarily complex and terrifying. Yet, through constant iteration, Kubernetes is now the standard. We normalized that complexity because the resilience was worth it.
We must do the same for vendor lock-in. We need to treat AWS downtime as our downtime and take responsibility for it.
This is an attempt to show how we can start that journey. This Proof of Concept (POC) isn't a complete, silver-bullet solution, but it is a demonstration that with today's technology, true multi-cloud resilience is possible.
github.com/buddhadonthavemoney/multi-cloud
Companies are slowly starting to adopt this. It’s time we stopped waiting for the cloud to be perfect and started building systems that don't care if it isn't.
This article summarizes the key takeaways from Buddha Mani Gautam’s presentation on Cloud outages, their financial costs, and multi-cloud failover strategies at Aerawat Corp's #TechThursday event, a bi-weekly forum where we share the insights on emerging trends, innovative ideas, and rapid product development strategies around Fintech, Artificial Intelligence, Autism and Diversity with Disability Engineering and Accessibility hackings.
