Skip to main content
banner image
venafi logo

Unplanned Outages Are Painful: The Unsexy Security Story that Everyone Should Care About…

Unplanned Outages Are Painful: The Unsexy Security Story that Everyone Should Care About…

February 2, 2016 | Tammy Moskites
Key Takeaways
  • Unplanned outages aren’t sexy, like other website threats, but they can cost you your business
  • There are seven main causes of outages that need to be avoided to keep your website up and running
  • With an average of 23,000 keys and certificates, certificate-related outages are nearly impossible to track
  • Avoiding downtime is critical to maintaining e-commerce, mobility, IoT, and other vital services


Of course, we all know this. The question is, do we all know why they happen and how to prevent them? Most likely not. Outages, also referred to as downtime, are typically thought of as the most important security story that no one wants to talk about. So today, we are going to discuss why it doesn’t matter how sexy APTs, threat intelligence, and other trendy security topics might be; if you don’t start paying attention to outages it could destroy your brand and cost your company millions.

There are seven main causes of unplanned outages that IT security teams should keep top-of-mind:

  1. Expired Certificates: Keys and certificates keep your website running and allow a secure connection to your system/network. When certificates expire, this is usually a result of human error and can leave your network extremely vulnerable to outages.
  2. Software Bugs: Software bugs occur when there is an error, flaw, failure or fault in a computer program or system that causes program or system to produce an incorrect or unexpected result.
  3. Equipment Failure: Equipment is often unable to perform its requested function due to it being outdated or overused and this is a common cause of unplanned outages.
  4. High Bit Error Rates: This occurs when the number of bit errors per unit time is too high for the system/network to perform correctly.
  5. Power Failure: Many of the highly publicized network outages (See 2013 Super Bowl) are due to a system/network losing electrical power.
  6. Overload Due to Exceeding the Channel Capacity: This is when a system/network is not set up to support as much traffic as it is receiving.
  7. Cascading Failure: This is a failure in a system of interconnected parts in which the failure of one part can trigger the failure of successive parts.

Now, let’s take a deeper look at expired keys and certificates, since it is the reason behind most major service interruptions and an issue that can be easily fixed.

Digital certificates provide a crucial security function by assigning public keys to be used for cryptographic purposes, including digital signatures and encryption. The Certificate Authorities (CAs) that issue these certificates also determine how long they will be valid—weeks, months, or years—before they will need to be replaced or updated. As shown in a survey conducted by TechValidate on behalf of Venafi, most organizations (56%) used manual methods to manage their keys and certificates before turning to Venafi (Source: TechValidate. TVID: 739-CC2-CFC).

According to research by the Ponemon Institute, in the average enterprise, the total number of keys and certificates is over 23,000—so when using manual methods, it’s virtually impossible to know where all of your keys and certificates are located, how to secure and keep track of them, or know exactly when they will expire. In fact, the TechValidate survey discovered that, on average, Venafi customers found over 16,500 previously unknown keys and certificates after deploying Venafi (Source: TechValidate. TVID: 363-53E-598). With this lack of visibility, no wonder organizations are experiencing outages!

Last Fall, Venafi partnered with the Ponemon Institute to release survey results from 2,394 respondents in Global 5000 organizations, which noted that businesses are losing millions due to expired certificates and unplanned outages. To be more exact, $15 million is the average lost per outage! In the survey, the majority of the businesses even admitted to losing customers over the last two years because they failed to secure the trust established by keys and certificates.

Certificate-related Outages Cost $15 Million per Outage

Unfortunately, hackers are very aware of the vulnerabilities they can exploit with unsecured keys and certificates, and they take full advantage of them through website spoofing, server impersonation, and Man-in-the-Middle (MITM) attacks.

Knowing that e-commerce, computing, and mobility are all affected by outages, it turns what was once the unsexy story into one that all enterprises need to pay attention to in order to run their businesses smoothly and securely, and avoid becoming the next news headline.

What are you doing to prevent outages at your business while still ensuring strong security practices? I’d love to hear your recommendations and best practices.


Like this blog? We think you will love this.
Featured Blog

Stop Certificate Outages from Increasing in Frequency and Severity

Machine identity management was a mess This company had experienced 2

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Tammy Moskites
Tammy Moskites

Tammy is Managing Director, Senior Security Executive at Accenture. She has 30 years of experience and is noted for her expertise leading IT security organizations. She was previously the CIO/CISO of Venafi Inc.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more