
Unplanned Outages Are Painful: The Unsexy Security Story that Everyone Should Care About…

February 2, 2016 | Tammy Moskites
Key Takeaways
  • Unplanned outages aren’t as sexy as other website threats, but they can cost you your business
  • There are seven main causes of outages that need to be avoided to keep your website up and running
  • With an average of 23,000 keys and certificates, certificate-related outages are nearly impossible to track
  • Avoiding downtime is critical to maintaining e-commerce, mobility, IoT, and other vital services

Say it with me—UNPLANNED OUTAGES ARE PAINFUL! 

Of course, we all know this. The question is, do we all know why they happen and how to prevent them? Most likely not. Outages, also referred to as downtime, are typically thought of as the most important security story that no one wants to talk about. So today, we are going to discuss why it doesn’t matter how sexy APTs, threat intelligence, and other trendy security topics might be; if you don’t start paying attention to outages, they could destroy your brand and cost your company millions.

There are seven main causes of unplanned outages that IT security teams should keep top-of-mind:

  1. Expired Keys and Certificates: Keys and certificates keep your website running and allow a secure connection to your system/network. Expiration is usually a result of human error and can leave your network extremely vulnerable to outages.
  2. Software Bugs: Software bugs occur when there is an error, flaw, failure or fault in a computer program or system that causes the program or system to produce an incorrect or unexpected result.
  3. Equipment Failure: Equipment that is outdated or overused is often unable to perform its requested function, and this is a common cause of unplanned outages.
  4. High Bit Error Rates: This occurs when the number of bit errors per unit time is too high for the system/network to perform correctly.
  5. Power Failure: Many of the highly publicized network outages (see the 2013 Super Bowl) are due to a system/network losing electrical power.
  6. Overload Due to Exceeding the Channel Capacity: This is when a system/network is not set up to support as much traffic as it is receiving.
  7. Cascading Failure: This is a failure in a system of interconnected parts in which the failure of one part can trigger the failure of successive parts.

Now, let’s take a deeper look at expired keys and certificates, since they are the reason behind most major service interruptions and an issue that can be easily fixed.

Digital certificates provide a crucial security function by assigning public keys to be used for cryptographic purposes, including digital signatures and encryption. The Certificate Authorities (CAs) that issue these certificates also determine how long they will be valid—weeks, months, or years—before they will need to be replaced or updated. As shown in a survey conducted by TechValidate on behalf of Venafi, most organizations (56%) used manual methods to manage their keys and certificates before turning to Venafi (Source: TechValidate. TVID: 739-CC2-CFC).

According to research by the Ponemon Institute, in the average enterprise, the total number of keys and certificates is over 23,000—so when using manual methods, it’s virtually impossible to know where all of your keys and certificates are located, how to secure and keep track of them, or know exactly when they will expire. In fact, the TechValidate survey discovered that, on average, Venafi customers found over 16,500 previously unknown keys and certificates after deploying Venafi (Source: TechValidate. TVID: 363-53E-598). With this lack of visibility, no wonder organizations are experiencing outages!
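As an added illustration (not code from Venafi or from the original post), the following sketch shows the kind of expiry triage that replaces manual tracking: it reads each certificate's `notAfter` date and flags what has already expired, what is inside a renewal window, and what has no owner. The inventory records, hostnames, and the 30-day window are assumptions made up for the example.

```python
import ssl
from datetime import datetime, timezone

# Constructed inventory (hostnames, owners and dates are made up). The
# notAfter strings use the format returned by ssl.SSLSocket.getpeercert()
# and printed by `openssl x509 -noout -enddate`.
INVENTORY = [
    {"host": "shop.example.test", "owner": "web-team", "notAfter": "Jan 15 23:59:59 2016 GMT"},
    {"host": "api.example.test", "owner": "platform", "notAfter": "Feb 20 12:00:00 2016 GMT"},
    {"host": "vpn.example.test", "owner": None, "notAfter": "Nov  3 08:30:00 2017 GMT"},
    {"host": "mail.example.test", "owner": "it-ops", "notAfter": "Feb  2 00:00:00 2016 GMT"},
]

RENEW_WINDOW_DAYS = 30  # assumed policy: renew when fewer than 30 days remain


def days_remaining(not_after, now):
    """Days until expiry, rounded down; negative once the certificate has expired."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expiry - now).days


def triage(inventory, now, window=RENEW_WINDOW_DAYS):
    """Return one row per certificate, most urgent first, tagged with a status."""
    rows = []
    for cert in inventory:
        left = days_remaining(cert["notAfter"], now)
        if left < 0:
            status = "EXPIRED"
        elif left < window:
            status = "RENEW"
        else:
            status = "OK"
        # A certificate nobody owns is the one most likely to be forgotten.
        rows.append({**cert, "days_left": left, "status": status,
                     "unowned": cert["owner"] is None})
    return sorted(rows, key=lambda r: r["days_left"])


if __name__ == "__main__":
    # Fixed reference time so the report is reproducible.
    now = datetime(2016, 2, 2, 12, 0, 0, tzinfo=timezone.utc)
    for r in triage(INVENTORY, now):
        owner = r["owner"] or "NO OWNER"
        print(f'{r["status"]:8} {r["days_left"]:5d}d  {r["host"]:20} {owner}')
```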

Last Fall, Venafi partnered with the Ponemon Institute to release survey results from 2,394 respondents in Global 5000 organizations, which noted that businesses are losing millions due to expired certificates and unplanned outages. To be more exact, $15 million is the average lost per outage! In the survey, the majority of the businesses even admitted to losing customers over the last two years because they failed to secure the trust established by keys and certificates.

Certificate-related Outages Cost $15 Million per Outage

Unfortunately, hackers are very aware of the vulnerabilities they can exploit with unsecured keys and certificates, and they take full advantage of them through website spoofing, server impersonation, and Man-in-the-Middle (MITM) attacks.

Because e-commerce, computing, and mobility are all affected by outages, what was once the unsexy story is now one that all enterprises need to pay attention to in order to run their businesses smoothly and securely, and avoid becoming the next news headline.

What are you doing to prevent outages at your business while still ensuring strong security practices? I’d love to hear your recommendations and best practices.

Cheers!

About the author

Tammy Moskites

Tammy is Managing Director, Senior Security Executive at Accenture. She has 30 years of experience and is noted for her expertise leading IT security organizations. She was previously the CIO/CISO of Venafi Inc.
