For years, the answer to business continuity was simple: move to the cloud. Redundant infrastructure, geographic distribution, managed failover. The major hyperscalers would handle it. Organizations could stop worrying about the server room and focus on running their business.
That assumption is now being tested in ways that no continuity plan from five years ago anticipated. The beginning of major hostilities between Israel, the US, and Iran in February has introduced a new risk for IT teams operating in tense geopolitical environments to consider: war.
This is highlighted by drone strikes on AWS data centers in the UAE and Bahrain in March 2026, which caused structural damage, power disruptions, and prolonged outages across compute, storage, and database services. Far from being collateral damage, Iranβs Islamic Revolutionary Guard Corps (IRGC) explicitly claimed responsibility for the attacks, citing the data centersβ role in supporting US military and intelligence networks.
However, the fallout was not limited to the US military. Financial institutions, contact centers, and communications platforms were among those affected.
The lesson is not that the cloud is broken. It is that the physical infrastructure providing these services can be disrupted. For organizations running mission-critical UC and CX platforms, that realization is forcing a fundamental rethink of what resilience actually means.
The Geography Problem No One Was Watching
The real threat for customers lies with those using cloud data centers in the region. When the drone strikes hit AWS facilities in the UAE and Bahrain, EC2 compute, S3 storage, and DynamoDB databases went down, and at least one facility shut down completely. Consequently, key regional banks such as ADCB and Emirates NBD reported service disruptions, as did global companies with regional operations, including Snowflake.
Following the outage, AWS advised companies in the region to migrate workloads to regions in the US, Europe, or Asia Pacific. However, this approach introduces its own challenges. Higher latency and reduced performance are often the result of being served by data centers located much farther away, which is unacceptable for some business services.
For companies running sensitive data operations such as banking, such contingency measures may not even be an option. Giles Adams, CEO of VQ Communications, described his experience managing the fallout:
βA customer responsible for critical digital services suddenly lost access to key collaboration capabilities during the disruption.β
βThey urgently needed to restore secure internal communications and coordination.β
For companies in critical sectors or regulated industries, such downtime could leave them exposed to fines for inadequate contingency planning.
Fortunately, Adams explains, βthe customer had invested in a self-hosted environment, so we were able to operationalize that platform and restore secure conferencing capabilities in under six hours.β However, the experience left a lasting impression.
Rethinking Resilience From the Ground Up
Since the incident, Adams explained that the customer has moved its on-premises service to primary and now uses sovereign cloud as a backup. The architecture did not change dramatically. The priority order did.
That pattern is repeating across the market. Mark Duff, Vice President of International Pre-Sales Engineering at Mitel, has observed demand shifting in real time.
βCustomers are starting to spread their bets on where solutions need to be to protect their businesses,β he said.
βRecently, one of my team members came to me about a bank that said they are using Teams, but would like us to provide an entirely resilient voice solution on-premises, just in case.β
That βjust in caseβ qualifier is becoming standard in procurement conversations. Although European nations have not experienced physical infrastructure attacks of this nature, the current geopolitical climate is prompting many organizations to reassess their options. A growing digital sovereignty movement, fueled in part by cooling relations with the US, combined with increased cyberattacks linked to conflicts in Ukraine and Iran, is driving interest in diversified contingency strategies for critical systems such as communications.
Duff cited figures that put the scale of transition in context: βSome recent statistics we saw showed that 68% of systems in the market are over seven years old, and a high proportion of organizations planning to replace them in the next three years are now looking at hybrid deployments.β The driver, Duff explains, is increasingly survivability. Organizations are not abandoning the cloud. They are refusing to be wholly dependent on it.
Continuity for a World That Keeps Changing
The events of early 2026 did not create this problem. They revealed it. The assumption that cloud infrastructure exists above geopolitical instability was always fragile. Physical data centers sit in physical locations, and those locations exist in a world that is becoming less predictable, not more.
Duff did not mince words on that point. βThe whole world order is changing,β he said. βWe have seen shifts in who we would typically consider allies. That flows directly into business, where companies are now having to be very mindful of system survivability.β
Governments are already responding. Sweden has issued guidance to its business community on defending systems against bad actors and infrastructure disruption. France has announced that from 2027, government agencies will not be permitted to use non-European sovereign systems. Policy and market direction are moving in alignment.
Adams framed the longer-term implication clearly. βWhat incidents like this highlight is that organizations are increasingly having to consider infrastructure sovereignty, geographic concentration risk, and what happens when critical communications platforms become unavailable during periods of instability,β he said. βWe are likely to see continuity planning become a much bigger part of conversations around collaboration infrastructure over the next few years, particularly in government and defense sectors.β
For IT leaders, the immediate task is straightforward, even if execution is not. Audit where your infrastructure actually sits. Test disaster recovery plans against physical failure, not just software outages. Understand the compliance obligations attached to each region your data touches. Build resilience that reflects the world as it is, not as it was when your current architecture was designed.
Cloud is not going away. But cloud-only contingency planning increasingly looks like a relic of a more stable era. That era may not be coming back.
