The Dreaded Downtime And How to Avoid It

by Mike Dodson, Global Head of Security Architects at Venafi

Credit: ID 108618750 © Nuttanit Phansawat |

Unplanned website outages are frustrating – and a source of significant risk – for any organisation. In the digital era, customers’ tolerance is minimal to non-existent. Even a couple of hours of downtime can damage a corporate reputation and lead to significant losses in revenue, as customers take their trade elsewhere. Yet although this problem is frequently avoidable, it continues to affect organisations of all shapes and sizes, in Australia and abroad.

The value of trust

Expired digital certificates are frequently the culprit behind unplanned outages. Every single website you visit relies on a unique identity; a digital certificate that tells browsers the website or device is trustworthy, and your connection to it is encrypted. If this identity expires, the browser can no longer guarantee the website is secure. In many cases the browser or device will err on the side of caution; it will either warn users the connection is unsafe or prevent access outright.

The simple solution to this problem is to renew the certificate before it expires, to ensure continuous service. However, this isn’t always as easy as it sounds. Organisations rely on these identities for more than just websites. Every machine – that is, every device, program and application – needs an identity to show other machines that it’s trustworthy. These identities act as ‘passports’, allowing machines to know that the other machine they’re talking to is what it claims to be. Without a valid passport, there’s no way for machines to ‘trust’ each other, and applications, websites, devices and programs simply cease to interact. Most firms have thousands of machine identities in use, each with their own expiry date. Keeping track of them all can be challenging.

A growing problem

While the process of replacing expired machine identities isn’t complicated, it’s not surprising outages of this nature continue to happen. Large organisations typically have thousands of machine identities in use across the enterprise, including, in many cases, hundreds they’re not aware of. Keeping tabs on when every single one is due to expire isn’t something that can be tackled with a simple spreadsheet.

Moreover, reliance on them is increasing. As digital transformation rises up the agenda for Australian organisations, processes such as DevOps, AI, and Internet of Things are becoming mainstream. All rely on machine identities to function. Complicating matters still further, each unknown machine identity can be a flashpoint for cybercrime, as hackers are increasingly able to exploit them in order to appear legitimate, bypass security defences and infiltrate networks.

Staying in control

In this setting, control over machine identity is more important than ever. As the amount of machine identities in use skyrockets, organisations will find managing them manually an error-prone challenge.

Automating the discovery, management and replacement of every machine identity they rely on should be a priority for all enterprises, as should automating the process of monitoring them for signs of misuse. Without this capability, a high-profile website outage is likely to be a question of when, not if.


Tags cyber crimesecurity trainingvenafiCyber risksDevops

Show Comments