View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Unplanned Outages Are Painful: The Unsexy Security Story that Everyone Should Care About…

Opinion: Tammy Moskites, Venafi CIO and CISO, talks to CBR about the cost of unplanned outages to an organisation, and why they occur in the first place.

By Vinod

Unplanned outages are painful, we all know this. The question is, do we all know why they happen and how to prevent them? Most likely not. Outages are typically thought of as the most important security story that no one wants to talk about. But if you don’t start paying attention to outages, it could destroy your brand and cost your company millions.

There are seven main causes of unplanned outages that IT security teams should keep top-of-mind:

Expired Keys and Certificates: Keys and certificates keep your website running and allow a secure connection to your system/network. When they expire, this is usually a result of human error and can leave your network extremely vulnerable to outages.

Software Bugs: Software bugs occur when there is an error, flaw, failure or fault in a computer program or system that causes a program or system to produce an incorrect or unexpected result.

Equipment Failure: Equipment is often unable to perform its requested function due to it being outdated or overused.

High Bit Error Rates: This occurs when the number of bit errors per unit time is too high for the system/network to perform correctly.

Power Failure: Many of the highly publicised network outages are due to a system/network losing electrical power.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

Overload Due to Exceeding the Channel Capacity: This is when a system/network is not set up to support as much traffic as it is receiving.

Cascading Failure: This is a failure in a system of interconnected parts in which the failure of one part can trigger the failure of successive parts.

From this list, lets take a closer look at expired keys and certificates, as they are the main reason behind most major service interruptions and an issue that can be easily fixed. Digital certificates provide a crucial security function by assigning public keys to be used for cryptographic purposes, including digital signatures and encryption. The Certificate Authorities (CAs) that issue these certificates also determine how long they will be valid—weeks, months, or years—before they will need to be replaced or updated.

Research by the Ponemon Institute suggests that in the average enterprise, the total number of keys and certificates is over 23,000. And another survey conducted by TechValidate on behalf of Venafi suggested that most organisations (56%) used manual methods to manage their keys and certificates.

So when using manual methods, it’s virtually impossible to know where all of your keys and certificates are located, how to secure and keep track of them, or know exactly when they will expire. With this lack of visibility, it’s no wonder organisations are experiencing outages!

In autumn 2015, the Ponemon Institute released further survey results from 2,394 respondents in Global 5000 organisations, which noted that businesses are losing millions due to expired certificates and unplanned outages. To be more exact, $15 million is the average lost per outage! In the survey, the majority of the businesses even admitted to losing customers over the last two years because they failed to secure the trust established by keys and certificates.

Unfortunately, hackers are very aware of the vulnerabilities they can exploit with unsecured keys and certificates, and they take full advantage of them through website spoofing, server impersonation, and Man-in-the-Middle (MITM) attacks.

Knowing that e-commerce, computing, and mobility are all affected by outages, it turns what was once the unsexy story into one that all enterprises need to pay attention to in order to run their businesses smoothly and securely, and avoid becoming the next news headline.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.