You May Be Well-Architected, But Are You Secure?

Lessons from 6 Major Shared Infrastructure Incidents

Cloud and network architects often focus on building high-performance, scalable environments that follow the “well-architected” frameworks published by their cloud service providers (CSPs). The question they ask is whether they are following the published best practices. The harder question is whether the architecture is actually secure, or whether it carries a weakness that simply has not been exposed yet.

Recent incidents, including Salt Typhoon’s GhostSPIDER malware campaign, the Microsoft Azure compromise, and a potential breach at Oracle, underscore a critical lesson: a well-architected cloud environment does not guarantee a secure one.

If security isn’t designed into the network from the beginning, the very infrastructure that enables business agility can become an attack vector for advanced cyber threats.

By learning from real-world security failures, we can shift left in cloud and network security, ensuring organizations are prepared before the next breach—rather than reacting after the damage is done. The following incidents highlight how shared infrastructure compromises can ripple through cloud providers and disrupt entire industries.

Case Studies: When Cloud Providers and Shared Infrastructure Become the Weak Link

1. Oracle Cloud Infrastructure Breach (March 2025)

Oracle recently confirmed that it was investigating unauthorized access to its cloud infrastructure, possibly linked to the same threat actors behind the recent Snowflake-related breaches. A threat actor claims to have exfiltrated approximately 6 million records, potentially affecting more than 140,000 tenants. Early reports pointed to compromised credentials and the possibility of lateral movement within shared services.

Business Impact:

  • Operational risk: Organizations using Oracle Cloud services may experience disruptions due to the need for immediate security assessments and remediation efforts.
  • Compliance risk: Entities, especially those in regulated sectors, must evaluate their obligations for breach notifications and ensure adherence to data protection regulations.
  • Reputational risk: Businesses reliant on Oracle’s infrastructure may need to address concerns from stakeholders regarding the security and integrity of their data.
  • Financial risk: Companies could incur unplanned expenses related to incident response, forensic investigations, credential rotations, and potential legal actions.

Lesson for Cloud Architects & Ops Teams: Maintain visibility and control over your own workloads even when they run on shared infrastructure. Encrypt all data in transit with keys you manage, using encryption that keeps up with line rate so nobody is tempted to switch it off, instead of relying on provider defaults. Enforce workload-level isolation so that a compromise of one service or tenant stays contained, and apply Zero Trust principles: continuous identity verification and distributed, context-aware policy enforcement.

2. Salt Typhoon’s GhostSPIDER Attack (2023-active)

In the GhostSPIDER campaign, the nation-state group Salt Typhoon deployed malware against telecom and cloud-edge infrastructure. The intrusions exploited weak segmentation, misconfigured network interfaces, and unpatched VPN concentrators.

The business impact included service disruptions across industries that depend on ISP backbones and cloud networking, and the possibility of espionage or intellectual property theft from compromised cloud environments. Organizations suffered financial losses from downtime, breach response costs, and regulatory fines.

Business Impact:

  • Operational risk: Service disruptions across industries that rely on cloud edge and ISP infrastructure.
  • Data security risk: Lateral movement enabled potential theft of sensitive or regulated data.
  • Financial risk: Downtime and remediation led to revenue loss and incident response costs.
  • Compliance risk: Breach events triggered regulatory reporting obligations.

Lesson for Cloud Architects & Ops Teams: Assume the network is compromised—implement high-performance encryption, network segmentation, and real-time visibility to prevent attackers from moving freely.

3. Microsoft Azure Compromise (July 2023)

In this attack, attributed by Microsoft to the China-based actor Storm-0558, the attackers obtained a Microsoft account (MSA) consumer signing key and used it to forge authentication tokens. The forged tokens gave them access to Exchange Online mailboxes at roughly two dozen organizations, including US government agencies.

The attack exposed sensitive email data, leading to reputational and financial damage. It raised the prospect of regulatory fines for failing to protect user data, cost customer trust, and increased scrutiny of cloud provider security.

Business Impact:

  • Strategic risk: Exposure of sensitive business plans, contracts, or correspondence held in the compromised mailboxes.
  • Reputational risk: Enterprises were forced to explain their exposure and dependence on Microsoft infrastructure.
  • Compliance risk: Enterprises had to assess potential breach notification responsibilities under regulations such as GDPR, HIPAA, or SEC rules.
  • Operational risk: Internal audits, key rotations, and response planning diverted resources from core business operations.

Lesson for Cloud Architects & Ops Teams: Relying on a cloud provider for security is not enough—organizations must enforce strict IAM (Identity and Access Management) policies, monitor for unauthorized access, and implement an independent encryption strategy.

4. CenturyLink Outage (August 2020)

The CenturyLink (Level 3) outage was caused by a misconfigured BGP Flowspec rule that propagated across the carrier’s backbone. Its blast radius included AWS, Azure, and other cloud providers whose traffic crossed that backbone.

This outage caused massive downtime for businesses dependent on cloud services. The impact included financial losses from disrupted operations and SLA penalties. Because CSPs depend on telecom and internet service provider (ISP) backbones to reach their customers, the incident highlighted the risks of shared infrastructure.

Business Impact:

  • Operational risk: Cloud-based applications and services became inaccessible, disrupting workflows and transactions.
  • Financial risk: Lost revenue due to service downtime, especially in e-commerce, finance, and streaming services.
  • Resiliency risk: Organizations without multicloud or redundant network designs experienced prolonged outages.
  • Reputational risk: Service interruptions eroded customer trust and brand reliability.

Lesson for Cloud Architects & Ops Teams: Avoid single points of failure by designing multicloud failovers and redundant network pathways.

5. SolarWinds Supply Chain Attack (December 2020)

This attack was a supply chain compromise delivered through a backdoored update to the SolarWinds Orion platform. From the initial on-premises foothold the attackers pivoted into Microsoft 365 and Azure tenants and other cloud environments, affecting thousands of organizations.

The attack caused widespread security breaches impacting both cloud providers and customers. It increased regulatory scrutiny and security costs for affected organizations and damaged trust in cloud-based supply chains.

Business Impact:

  • Security risk: Backdoors granted threat actors prolonged access to sensitive systems and data.
  • Compliance and legal risk: Organizations had to manage breach disclosure, notify affected customers, and respond to regulatory scrutiny.
  • Operational risk: Patch freezes, monitoring gaps, and resource redirection delayed IT projects.
  • Reputational risk: Even indirect exposure damaged customer confidence and supplier trust.

Lesson for Cloud Architects & Ops Teams: Security doesn’t stop at your perimeter—third-party dependencies must be continuously monitored, and Zero Trust policies should apply to all vendor access.

6. AWS Route 53 BGP Hijacking (April 2018)

The hijack was carried out through Border Gateway Protocol (BGP) manipulation: an attacker announced more-specific prefixes belonging to Amazon’s Route 53 DNS service, so that part of the internet routed DNS queries to malicious servers that returned attacker-controlled answers.

Through this attack, the bad actors redirected users of the MyEtherWallet cryptocurrency wallet to a phishing site and stole funds. The hijack also disrupted DNS resolution for companies relying on AWS Route 53 for critical operations, and exposed weaknesses in global internet routing security.

Business Impact:

  • Data security risk: Intercepted DNS traffic potentially exposed credentials, tokens, and private communications.
  • Availability risk: Routing errors caused downtime and performance degradation for mission-critical apps.
  • Reputational risk: Customers were blamed for issues rooted in internet infrastructure.
  • Digital sovereignty risk: Trust in the global routing system was undermined, requiring additional traffic encryption and path validation controls.

Lesson for Cloud Architects & Ops Teams: Never assume internet routing is secure—encrypt all traffic, even when using private cloud interconnects.
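
The lesson cuts both ways: encrypt the traffic, and also validate what the routing system tells you. The following Python is an added example, not code from this article, Amazon or Aviatrix. It implements RPKI-style route origin validation (the RFC 6811 decision: valid, invalid, or not-found) over a constructed feed that mirrors the 2018 pattern, a more-specific prefix announced from the wrong origin AS, and shows how longest-prefix matching hands the traffic to the hijacker unless invalid routes are dropped. The prefixes are documentation ranges, the hijacker’s ASN is a documentation ASN, and the ROA table is invented; only Amazon’s ASN is real.

```python
"""Route origin validation (RFC 6811) over a constructed BGP feed.

Added example for this article; it is not Amazon's, Aviatrix's, or any
RIR's code. A route is "valid" when a ROA covers its prefix with a matching
origin AS and the announced length does not exceed the ROA's maxLength,
"invalid" when covering ROAs exist but none match, and "not-found" when no
ROA covers it. The feed and ROA table below are constructed; the prefixes
are documentation ranges, not the 2018 Route 53 announcements.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str        # authorized prefix, e.g. "198.51.100.0/24"
    max_length: int    # longest prefix length the holder authorizes
    origin_as: int     # AS allowed to originate it


@dataclass(frozen=True)
class Announcement:
    prefix: str
    origin_as: int
    peer: str          # neighbor we heard it from; descriptive only


AMAZON_AS = 16509     # Amazon's public ASN (real value)
ATTACKER_AS = 64496   # documentation ASN (RFC 5398), standing in for the hijacker

# Constructed ROA table: the resource holder authorizes only exact /24s.
ROAS = [
    ROA("198.51.100.0/24", 24, AMAZON_AS),
    ROA("203.0.113.0/24", 24, AMAZON_AS),
]

# Constructed feed: one legitimate route, a more-specific hijack of it,
# a same-length hijack of another prefix, and a prefix with no ROA at all.
FEED = [
    Announcement("198.51.100.0/24", AMAZON_AS, "upstream-1"),
    Announcement("198.51.100.0/25", ATTACKER_AS, "peer-x"),
    Announcement("203.0.113.0/24", ATTACKER_AS, "peer-x"),
    Announcement("192.0.2.0/24", 64497, "upstream-2"),
]


def covering_roas(prefix, roas):
    """ROAs whose prefix contains (or equals) the announced prefix."""
    net = ipaddress.ip_network(prefix)
    out = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            out.append(roa)
    return out


def validate(ann, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    net = ipaddress.ip_network(ann.prefix)
    covering = covering_roas(ann.prefix, roas)
    if not covering:
        return "not-found"
    for roa in covering:
        if roa.origin_as == ann.origin_as and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def suspect_routes(feed, roas=ROAS):
    """Announcements a router doing origin validation should drop."""
    return [ann for ann in feed if validate(ann, roas) == "invalid"]


def best_route(ip, feed, roas=ROAS, drop_invalid=True):
    """Longest-prefix match for ip, optionally discarding RPKI-invalid routes.

    Without drop_invalid the attacker's more-specific /25 wins, which is
    exactly how the Route 53 hijack pulled DNS traffic away from Amazon.
    """
    addr = ipaddress.ip_address(ip)
    best = None
    for ann in feed:
        net = ipaddress.ip_network(ann.prefix)
        if addr not in net:
            continue
        if drop_invalid and validate(ann, roas) == "invalid":
            continue
        if best is None or net.prefixlen > ipaddress.ip_network(best.prefix).prefixlen:
            best = ann
    return best


if __name__ == "__main__":
    for ann in FEED:
        print(f"{ann.prefix:18} AS{ann.origin_as:<6} via {ann.peer:11} -> {validate(ann)}")
    print("198.51.100.10 without ROV ->", best_route("198.51.100.10", FEED, drop_invalid=False))
    print("198.51.100.10 with ROV    ->", best_route("198.51.100.10", FEED))
```

Two caveats a practitioner should keep in mind. Origin validation only answers whether the origin AS is authorized; a path-manipulation attack that keeps the legitimate origin at the end of a forged AS path passes as valid, which is why the lesson still says to encrypt everything regardless of route. And maxLength matters in the other direction too: a holder whose ROA says /24 and who then announces a /25 of their own space is marked invalid and dropped by strict validators.
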

You Built It, But is It Secure?

3 Security Areas to Integrate from the Start

Many organizations assume that cloud security is someone else’s problem—whether it’s the cloud provider, the security team, or a third-party vendor. But ops teams and cloud or network architects must integrate security into their designs from the beginning, not as an afterthought.

  1. Secure Network Segmentation & Microsegmentation

Segmentation and microsegmentation are essential because flat networks are a hacker’s playground. Once inside, attackers like Salt Typhoon can move laterally across workloads undetected. To integrate security early:

  • Use network segmentation at the VPC and subnet level to isolate workloads.
  • Implement microsegmentation between applications to enforce least-privilege access.
  • Design with Zero Trust principles, requiring authentication before network access.
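
Those three bullets are easier to check than to state. The Python below is an added example, not Aviatrix’s or any provider’s tooling: it audits a constructed set of ingress rules in the shape of a VPC security group or NSG export for the patterns that make a network flat (anything-to-anything from a broad private range, management ports open beyond the bastion, unnecessary internet exposure, and tier-to-tier paths the design never intended), and shows the same three tiers with least-privilege rules that pass clean. The group names, CIDRs, the 10.0.250.0/24 bastion subnet and the allowed tier paths are assumptions made for the example.

```python
"""Audit security-group rules for flat-network patterns.

Added example for this article, not Aviatrix's or any CSP's tooling. The
Rule shape mirrors a VPC security group or NSG export, but every group,
CIDR and port below is constructed. Two rule sets are given: FLAT_RULES,
a typical "make it work" first cut, and SEGMENTED_RULES, the same three
tiers with internet exposure, management access and tier-to-tier paths
scoped to what the design actually needs.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

MGMT_PORTS = {22, 3389, 5985, 5986}        # SSH, RDP, WinRM
PUBLIC_OK_PORTS = {80, 443}                # only these may face the internet
BASTION_CIDR = ipaddress.ip_network("10.0.250.0/24")   # assumed bastion subnet


@dataclass(frozen=True)
class Rule:
    group: str                 # security group the ingress rule belongs to
    proto: str                 # "tcp", "udp" or "-1" for all protocols
    from_port: int             # inclusive port range; 0-65535 means all
    to_port: int
    source: str                # CIDR ("10.0.0.0/8") or group reference ("sg:app")
    tier: Optional[str] = None # logical tier of the group, used for path checks


def is_all_ports(r):
    return r.proto == "-1" or (r.from_port == 0 and r.to_port == 65535)


def covers(r, port):
    return is_all_ports(r) or r.from_port <= port <= r.to_port


def describe(r):
    return "all ports" if is_all_ports(r) else f"{r.proto} {r.from_port}-{r.to_port}"


def audit(rules, allowed_tier_edges):
    """Return (code, group, message) findings for each rule that breaks the design.

    allowed_tier_edges is the set of (source_tier, destination_tier) pairs the
    architecture permits, e.g. {("web", "app"), ("app", "db")}; a group-to-group
    rule outside that set is the microsegmentation violation.
    """
    tiers = {r.group: r.tier for r in rules if r.tier}
    findings = []
    for r in rules:
        if r.source.startswith("sg:"):
            src_tier = tiers.get(r.source[3:])
            if src_tier and r.tier and (src_tier, r.tier) not in allowed_tier_edges:
                findings.append(("TIER_EDGE", r.group, f"{src_tier} -> {r.tier} is not a designed path"))
            if is_all_ports(r):
                findings.append(("ALL_PORTS_FROM_GROUP", r.group, f"all ports open from {r.source}; scope to the service port"))
            continue
        net = ipaddress.ip_network(r.source)
        if net.prefixlen == 0:   # 0.0.0.0/0 or ::/0
            if is_all_ports(r) or not set(range(r.from_port, r.to_port + 1)) <= PUBLIC_OK_PORTS:
                findings.append(("INTERNET_EXPOSED", r.group, f"{describe(r)} reachable from the internet"))
        from_bastion = net.version == BASTION_CIDR.version and net.subnet_of(BASTION_CIDR)
        if any(covers(r, p) for p in MGMT_PORTS) and not from_bastion:
            findings.append(("MGMT_NOT_BASTION", r.group, f"management port reachable from {r.source}, not only the bastion"))
        if is_all_ports(r) and net.is_private and net.prefixlen <= 16:
            findings.append(("FLAT_CIDR", r.group, f"all ports open from {r.source}: flat network, lateral movement is free"))
    return findings


FLAT_RULES = [
    Rule("web", "tcp", 80, 443, "0.0.0.0/0", tier="web"),     # 81-442 exposed as well
    Rule("web", "tcp", 22, 22, "0.0.0.0/0", tier="web"),      # SSH from anywhere
    Rule("app", "-1", 0, 65535, "10.0.0.0/8", tier="app"),    # "trusted" internal range
    Rule("db", "tcp", 5432, 5432, "sg:web", tier="db"),       # web skips the app tier
    Rule("db", "-1", 0, 65535, "sg:app", tier="db"),          # right path, no port scoping
]

SEGMENTED_RULES = [
    Rule("web", "tcp", 443, 443, "0.0.0.0/0", tier="web"),
    Rule("web", "tcp", 22, 22, "10.0.250.0/24", tier="web"),
    Rule("app", "tcp", 8080, 8080, "sg:web", tier="app"),
    Rule("app", "tcp", 22, 22, "10.0.250.0/24", tier="app"),
    Rule("db", "tcp", 5432, 5432, "sg:app", tier="db"),
]

DESIGNED_PATHS = {("web", "app"), ("app", "db")}   # assumed web -> app -> db design

if __name__ == "__main__":
    for name, rules in (("flat", FLAT_RULES), ("segmented", SEGMENTED_RULES)):
        print(f"{name}: {len(audit(rules, DESIGNED_PATHS))} finding(s)")
        for code, group, msg in audit(rules, DESIGNED_PATHS):
            print(f"  [{code}] {group}: {msg}")
```

The design choice worth copying is the DESIGNED_PATHS set: it turns the architecture diagram into data, so a rule that lets the web tier reach the database directly is reported as a deviation from the design rather than left to a reviewer’s memory. Run the same audit in CI against the exported rules and the network cannot silently flatten over time.
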

  2. High-Performance Encryption Under Your Control

High-performance encryption matters because, as we saw with the GhostSPIDER campaign, unencrypted network traffic can be exploited to intercept sensitive data and inject malicious payloads. To integrate security early:

  • Implement high-performance encryption so that you, not the provider or the carrier, control the keys and the encryption at every hop.
  • Use encryption solutions that don’t sacrifice speed or visibility.
  • Ensure traffic remains encrypted across multicloud environments without relying on third-party ISPs.

  3. Real-Time Network Visibility & Anomaly Detection

Most security incidents go undetected until it’s too late. The SolarWinds attack remained undiscovered for months, allowing attackers free access. To keep your network secure:

  • Implement real-time traffic monitoring to detect anomalies before they escalate.
  • Use AI-driven security analytics to spot suspicious behavior across cloud workloads.
  • Ensure full visibility across hybrid and multicloud environments—a single blind spot can be an entry point.
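
The encryption section above and this one come down to the same data source: flow records. The Python below is an added example, not Aviatrix’s or any CSP’s code. It parses constructed VPC-flow-log lines (the default AWS field order, with made-up addresses and timestamps) and answers two questions: which internal-to-internal flows still run on cleartext ports, i.e. which hops the encryption work has not reached, and which host has suddenly started reaching internal peers it never talked to during a baseline window, the fan-out signature of lateral movement. The 10.0.0.0/8 address plan, the cleartext port list, the baseline cut-off and the threshold are assumptions for the example.

```python
"""Two checks over constructed VPC-flow-log lines.

Added example for this article; it is not Aviatrix's or any CSP's code and
the log lines are made up. The record layout follows the default AWS VPC
flow-log fields (version account-id interface-id srcaddr dstaddr srcport
dstport protocol packets bytes start end action log-status), but the same
logic applies to any 5-tuple flow record.

plaintext_east_west() lists internal-to-internal flows on ports that carry
cleartext by default, i.e. the hops that still need TLS or IPsec.
lateral_fanout() builds a baseline of who-talks-to-whom, then flags a source
that suddenly reaches many internal peers it never reached before.
"""
import ipaddress
from collections import defaultdict

FIELDS = ["version", "account", "interface", "src", "dst", "srcport", "dstport",
          "protocol", "packets", "bytes", "start", "end", "action", "status"]
INT_FIELDS = {"srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed VPC address plan

# Services whose default transport is cleartext (assumed list; tune per estate).
CLEARTEXT_PORTS = {21, 23, 25, 80, 389, 8080, 6379, 9200, 11211}

# Constructed records: ~10 minutes of "normal" web->app->db traffic, then a
# burst in which the web host fans out across the internal network.
SAMPLE_LOG = """
2 123456789012 eni-0a1b 10.0.1.10 10.0.2.20 51000 8080 6 10 1500 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b 10.0.1.10 10.0.2.20 51001 8080 6 12 1800 1700000100 1700000160 ACCEPT OK
2 123456789012 eni-0a1b 10.0.2.20 10.0.3.30 52000 5432 6 20 4000 1700000120 1700000180 ACCEPT OK
2 123456789012 eni-0a1b 10.0.2.20 10.0.3.31 52001 389 6 5 700 1700000130 1700000190 ACCEPT OK
2 123456789012 eni-0a1b 10.0.1.10 10.0.2.20 51002 8080 6 10 1500 1700000700 1700000760 ACCEPT OK
2 123456789012 eni-0a1b 10.0.2.20 10.0.3.30 52002 5432 6 20 4000 1700000710 1700000770 ACCEPT OK
2 123456789012 eni-0a1b 10.0.1.10 10.0.2.21 40001 22 6 3 300 1700000800 1700000805 ACCEPT OK
2 123456789012 eni-0a1b 10.0.1.10 10.0.2.22 40002 22 6 3 300 1700000801 1700000806 REJECT OK
2 123456789012 eni-0a1b 10.0.1.10 10.0.2.23 40003 445 6 3 300 1700000802 1700000807 ACCEPT OK
2 123456789012 eni-0a1b 10.0.1.10 10.0.3.30 40004 5432 6 3 300 1700000803 1700000808 ACCEPT OK
2 123456789012 eni-0a1b 10.0.1.10 10.0.3.40 40005 23 6 3 300 1700000804 1700000809 ACCEPT OK
2 123456789012 eni-0a1b 10.0.1.10 203.0.113.5 40006 443 6 30 9000 1700000900 1700000960 ACCEPT OK
"""
BASELINE_END = 1700000600   # records before this are treated as known good (assumed)


def parse_flow_log(text):
    """Turn flow-log lines into dicts; skip lines that do not fit the layout."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        for k in INT_FIELDS:
            rec[k] = int(rec[k])
        records.append(rec)
    return records


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def plaintext_east_west(records):
    """Accepted internal flows to cleartext ports, as sorted unique (src, dst, port)."""
    hits = {(r["src"], r["dst"], r["dstport"]) for r in records
            if r["action"] == "ACCEPT" and r["dstport"] in CLEARTEXT_PORTS
            and is_internal(r["src"]) and is_internal(r["dst"])}
    return sorted(hits)


def lateral_fanout(records, baseline_end=BASELINE_END, threshold=4):
    """Sources that reach >= threshold never-seen internal peers after the baseline.

    Rejected flows count too: a host probing closed ports is the signal, not
    the noise. Returns {src: sorted list of new peers}.
    """
    known = set()
    new_peers = defaultdict(set)
    for r in sorted(records, key=lambda r: r["start"]):
        if not (is_internal(r["src"]) and is_internal(r["dst"])):
            continue
        pair = (r["src"], r["dst"])
        if r["start"] < baseline_end:
            known.add(pair)
        elif pair not in known:
            new_peers[r["src"]].add(r["dst"])
    return {src: sorted(dsts) for src, dsts in new_peers.items() if len(dsts) >= threshold}


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print("cleartext east-west flows:")
    for src, dst, port in plaintext_east_west(recs):
        print(f"  {src} -> {dst}:{port}")
    print("fan-out suspects:", lateral_fanout(recs))
```

On the sample data the first check surfaces the web-to-app traffic on 8080, an LDAP lookup on 389 and a telnet session on 23, none of which a provider default encrypts for you; the second flags 10.0.1.10 reaching five internal hosts it had never contacted, including the database host it is not supposed to know about. A real deployment feeds the same two functions from a streaming pipeline rather than a string, and the baseline should be long enough to cover the weekly batch jobs that would otherwise look like fan-out.
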

The Bottom Line: Security is an Architecture Decision

Salt Typhoon, SolarWinds, the Azure compromise, and now potentially the Oracle Cloud breach all exposed the same reality: even the most well-architected environments can still be compromised when security is not built in.

If your ops team only reacts after an incident, or if your network architects assume security is someone else’s responsibility, you’re already behind. You built the infrastructure. Now make sure it’s protected.

Start today by integrating network segmentation, high-performance encryption, and real-time visibility into your cloud and network designs. The next security event shouldn’t be your wake-up call—it should be one you were already prepared for.

About the Author

Anirban Sengupta serves as Chief Technology Officer and Senior Vice President of Engineering at Aviatrix, leveraging over three decades of engineering and management expertise. Prior to Aviatrix, he was Senior Director of Engineering at Google, where he led the development and security of Google Kubernetes Engine (GKE) and Anthos. Anirban played a pivotal role in scaling the Anthos business to over $200M in annual recurring revenue and launched the GKE Enterprise offering.

Before his tenure at Google, Anirban was Vice President of Engineering – NSBU at VMware where he expanded the NSX networking and security portfolio, including NSX Edge, Distributed Firewall and NSX Intelligence products. His previous roles include leadership positions at Cisco Systems, Lucent Technologies, and Ascend Communications.

Anirban holds a B.S. degree in Computer Science and Engineering from the Indian Institute of Technology, Kharagpur, India and an M.S. degree in Computer Engineering from Santa Clara University, California.

Anirban can be reached online on LinkedIn and at our company website https://aviatrix.com/
