Data centres were once described as the quiet backbone of the internet, places where information moved without drawing attention to itself. That description no longer holds. In recent weeks, facilities run by some of the world’s largest technology companies have moved from the background to the front line of a regional conflict. The latest incidents involving Amazon Web Services in the Middle East suggest that the role of these sites has changed in ways that companies, governments, and users are still trying to understand.
Reports of drone strikes and disruptions across Bahrain and the United Arab Emirates have placed cloud infrastructure in an unfamiliar position. These are not symbolic targets. They are systems that support banking, logistics, communications, and government services. When they are hit, the effects are not limited to a single company. They spread across industries that depend on them.
Attacks on cloud sites expose new risks
The recent incidents began to draw attention in early March, when facilities linked to Amazon Web Services in the region were affected by drone activity. Two sites in the United Arab Emirates were reportedly struck, followed by damage to a facility in Bahrain. A later incident on April 1 led to a fire at a major site in Bahrain, according to local authorities.
These events did not occur in isolation. They followed explicit warnings issued by Iran’s Islamic Revolutionary Guard Corps, which named several American technology companies operating in the region as possible targets. The list included firms such as Amazon, Microsoft, Google, and Oracle. The warnings were not framed in technical terms. They were framed in strategic ones, describing data centres as part of a broader network that supports economic and state activity.
The pattern that followed suggests that these warnings were not rhetorical. The choice of targets points to a clear line of thinking. Data centres are fixed, visible, and difficult to relocate quickly. They also serve many users at once. A single disruption can affect thousands of businesses, making them efficient targets for those looking to create wider effects without attacking multiple sites.
In Bahrain, the facility identified as ME-SOUTH-1 has been a central part of AWS’s regional presence since its launch in 2019. It supports clients across finance, telecommunications, and public services. When disruptions were reported, customers were advised to move workloads to other regions where possible. That advice reflects a basic principle of cloud computing: redundancy across locations. Yet the need to activate those plans in a live conflict setting has exposed how dependent systems are on stable physical conditions.
Internal communications reported in the aftermath indicated that some availability zones in Bahrain and Dubai were not operating at normal capacity. Services continued, but without the usual level of backup. That distinction matters. Cloud systems are built to handle hardware failure or natural events. They are less prepared for repeated external attacks that can affect multiple sites within the same region.
From commercial infrastructure to strategic targets
The shift in how data centres are viewed did not happen overnight. Over the past decade, governments and large organizations have moved more of their operations into cloud environments. This includes not only commercial data but also systems tied to public administration and, in some cases, defence-related work.
That overlap has changed how these facilities are perceived. While companies maintain that their services are civilian in nature, the distinction becomes less clear when the same systems support a wide range of users. Analysts note that targeting a data centre can disrupt financial transactions, communication networks, and service delivery at the same time.
The use of relatively low-cost drones in these incidents adds another layer to the issue. Systems such as the Shahed-136 are not advanced in design, but they are produced in large numbers. Even if only a small proportion reach their targets, they can create enough disruption to affect operations. The economics of such attacks differ from traditional military strikes. The cost of launching them is low compared to the potential disruption they can cause.
This raises questions about how data centres are protected. Most facilities are built to withstand environmental risks such as heat, flooding, or power failure. They are not typically constructed with sustained military threats in mind. Physical security measures exist, but they are not designed to counter repeated aerial attacks.
For companies operating in the region, the issue is not limited to immediate damage. It also affects how clients view reliability. Even the possibility of disruption can influence decisions about where to store data or run applications. If a region is seen as vulnerable, businesses may choose to shift workloads elsewhere, even if services remain technically available.
The events have also brought attention to the concept of regional cloud design. Many countries have encouraged the creation of local data centres to ensure that data remains within national borders. This approach supports regulatory goals, but it also concentrates resources in specific locations. When those locations face external threats, the lack of geographic spread can become a weakness.
