Possible Performance Degradation from CDN Usage
Most developers and administrators think that adding a CDN-hosted static file improves performance. The idea has been that a CDN has fast edge servers that cache content and deliver it based on the user’s geolocation. These cached servers are faster than a traditional single hosting server, and the developers got the benefit of convenience.
The same study also showed that slower mobile connections experienced higher latency from loading files on third-party servers. Over 3G, the same client’s customers experienced a 1.765 second slowdown compared to self-hosted files. After migrating their files to a local server, the client went from a load time of 5.4 to 3.6 seconds.
This might not seem like a considerable amount, but think in terms of large enterprise sites that have millions of user visits a day, which can easily add up to hundreds of millions a month. At scale, latency issues quickly trickle down to the end-user experience. The speed of a website has shown to affect bounce rate, customer satisfaction, and customer retention, not to mention the way in which Google bakes site speed into its ranking algorithm.
Avoid Single Points of Failure
If you’ve ever been through a disaster recovery exercise, you'll know that redundancy is the key to resiliency against failure. Should these third-party servers fail, internal infrastructure also fails unless you have failover systems configured. Popular third-party CDNs and cloud services have failover baked into their infrastructure, but as we've seen a lot recently, even the biggest cloud providers occasionally have outages.
One school of thought is that services in the cloud rarely, if ever, fail but it does happen to even the biggest providers. For example, back in 2017, a simple operational error crashed AWS S3 buckets in the entire Virginia US East data center region. S3 buckets are used as cloud storage and the downtime affected thousands of AWS customers. Those businesses without failover configured that relied solely on AWS would certainly have experienced downtime.
A small but related risk is when the third-party host retires services. This is rare with a large organization such as AWS, GCP or Azure, but smaller hosters could shut down services at any time, leaving the site application owner struggling to find an alternative as quickly as possible.