Aug 14, 2019 1:22:11 PM
The Painful Truth About “No Outage” Guarantees

Hackers might grab the headlines, but there’s a much less sexy, yet equally serious threat to your business: outages. According to the latest report by Ponemon, 74% of organizations still experience unplanned downtime and outages due to expired certificates. The cost of these incidents is a bad experience for your customers and has an even worse outcome for your business.

Just this week I was reminded of the pain caused by service outages. I met a friend for dinner. She arrived while carrying on a very animated phone conversation – arms flailing – telling some poor soul, “This is what we pay you for!” She’s head of operations for a Global 2000 enterprise that had just experienced a 25-minute service outage in the US and a seven-minute outage in Europe.

This made dinner talk a lot about work. Outages aren’t something people talk about until they happen. And when they do, they quickly jump from the back-burner to the boardroom. First, because they affect everyone in the organization. Second, because outages have massive costs (~$11M/outage*) and quickly stain even the most reputable brands.

It's because of the high profile cyber-attacks on Target, Equifax, and Capital One that the importance of staying on top of public key infrastructure (PKI) and digital certificates has come to the forefront. Enterprises are now investing in tools to prevent outages – and avoid being the next outage or breach.

Once her call ended and we got some snacks on the table (because snacks make everything better) we chatted about her organization’s IT spend with its network connectivity vendor. It’s several millions of dollars.

Why wouldn’t they have also spent a fraction of that to implement digital certificate lifecycle automation?

Why Every Digital Certificate Matters

While other certificate management providers claim a "no-outage guarantee" the fine print states that they will provide assistance to discover the cause of an outage after it happens. 

Hold up. After it happens? That’s after the damage has been done.

Every digital certificate is important. Every digital identity has a potential for causing an outage of some sort. Every digital certificate should be under management to prevent outages. That’s the value of putting monitoring and reporting and automation in place. The priority is to make sure an outage never happens. Not to have someone come in and analyze what went wrong.

Not every solution is made equal. Many lack the tools necessary to discover every digital identity across today’s complex IT environments. But when every certificate has an expiration date, every certificate must be monitored and managed. The reality is that in many cases, other solutions just aren’t built to cover every certificate, and cost models prohibit the complete coverage needed to prevent outages.

Bottom line, there is no “no-outage guarantee.” The most effective way that any organization can prevent outages is to discover, monitor, and automate the lifecycle of every certificate in their environment (no limits, no clauses). Not to guarantee that you’ll find out what went wrong after the fact.

In the end, we had some great bread and cheese, but my friend still wasn’t completely relaxed. Why? Because she wasn’t sure what part of the globe might have the next outage. That’s no way to spend a Thursday.

Download the 2019 Ponemon-Keyfactor Report, The Impact of Unsecured Digital Identities:

READ THE REPORT

*Ponemon-Keyfactor 2019 Report – The Impact of Unsecured Digital Identities