Concentration risk

October 2025 · Global

AWS outage cascade

Risk visible at: L1

Mitigated at: L3

— What happened
A major AWS regional failure cascaded globally, taking down government portals, banking platforms, and healthcare systems. Organisations discovered the hard difference between cloud resilience and sovereign resilience — AWS multi-region redundancy does not help when the dependency is the vendor itself, not a single data centre.
— Root cause
Single-vendor concentration in cloud compute with no validated sovereign alternative. Monitoring infrastructure ran through AWS itself — the thing that failed was also the thing watching for failures. No concentration ratio monitoring. No tested failover.
— How our model mitigates this
Prevention (our model)
At Level 1, we calculate each foreign provider’s concentration ratio across the digital estate. Any provider exceeding 40% of critical compute triggers a mandatory diversification programme. At Level 3, STC Cloud and Hexagon DC are validated as live parallel environments under 100,000-device stress tests.
Detection (our observability)
Our sovereign observability stack (OpenTelemetry, Prometheus, Grafana) runs entirely in-country — independent of AWS. An AWS failure is detected within 60 seconds. Automated SLO breach alerts trigger the sovereign failover runbook within 2 minutes, before any human intervention is needed.
— Our specific action
We build a dependency concentration dashboard showing real-time foreign provider ratios across all critical workloads. When any provider crosses the 40% threshold, automated alerts escalate to executive level. We then design and validate the sovereign compute failover path to a target RTO of under 4 hours.
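The check behind such a dashboard can be sketched as follows. This is an added example, not Citadel's own tooling: the inventory fields, the use of vCPUs as the unit of compute and all sample values are constructed assumptions. It applies the 40% threshold to critical workloads and also flags critical workloads whose monitoring runs on the same provider as the workload, the shared-fate pattern named in the root cause.

```python
from collections import defaultdict

THRESHOLD = 0.40  # page's trigger: a foreign provider exceeding 40% of critical compute

# Constructed inventory. Field names and vCPU counts are assumptions for illustration.
INVENTORY = [
    {"workload": "citizen-portal", "provider": "AWS", "foreign": True,
     "critical": True, "vcpu": 640, "monitored_from": "AWS"},
    {"workload": "payments-api", "provider": "AWS", "foreign": True,
     "critical": True, "vcpu": 480, "monitored_from": "STC Cloud"},
    {"workload": "health-records", "provider": "STC Cloud", "foreign": False,
     "critical": True, "vcpu": 320, "monitored_from": "Hexagon DC"},
    {"workload": "identity", "provider": "Hexagon DC", "foreign": False,
     "critical": True, "vcpu": 160, "monitored_from": "STC Cloud"},
    {"workload": "dev-sandbox", "provider": "AWS", "foreign": True,
     "critical": False, "vcpu": 400, "monitored_from": "AWS"},
]

def concentration(inventory):
    """Return each provider's share of critical compute (non-critical is ignored)."""
    totals = defaultdict(int)
    for w in inventory:
        if w["critical"]:
            totals[w["provider"]] += w["vcpu"]
    grand = sum(totals.values())
    return {p: v / grand for p, v in totals.items()} if grand else {}

def breaches(inventory, threshold=THRESHOLD):
    """Foreign providers whose share of critical compute exceeds the threshold."""
    foreign = {w["provider"] for w in inventory if w["foreign"]}
    ratios = concentration(inventory)
    return sorted(p for p, r in ratios.items() if p in foreign and r > threshold)

def self_monitored(inventory):
    """Critical workloads observed from the same provider that hosts them."""
    return sorted(w["workload"] for w in inventory
                  if w["critical"] and w["monitored_from"] == w["provider"])

if __name__ == "__main__":
    for provider, ratio in sorted(concentration(INVENTORY).items()):
        print(f"{provider}: {ratio:.0%} of critical compute")
    print("diversification required:", breaches(INVENTORY))
    print("shared-fate monitoring:", self_monitored(INVENTORY))
```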

— Source & reference

Published source

A Cascade of Failures: A Breakdown of the Massive AWS Outage

The New Stack


Citadel Sovereign Advisory
