On the Venafi blog, we talk frequently about the impact certificate-related outages can have on your organization (as you can see from all the hyperlinks in this first sentence—just saying). My colleague Diane Garey in her recent post, Think Machine Identity Management Costs More than an Outage? Think Again, asserts: “An outage that is triggered by an expired certificate is usually a wake-up call for an organization to start paying attention to machine identities.”
"An outage that is triggered by an expired certificate is usually a wake-up call"
Her position is declarative. Rationally, it is correct. Yet my first reaction as a less-than-rational human being was (and, as a representative of Venafi, am embarrassed to admit): But is it really?
I mean, yes, everything Diane writes has been proven by our customers. Certificate-related outages can lead to a “loss of revenue and drain on productivity.” There is, of course, that worst-case scenario where cybercriminals misuse “unprotected machine identities.” But I can’t really blame organizations for downplaying the consequences of an outage after some time has passed. So, when it’s time to budget for Machine Identity Management, it may be easier for them to justify their decision to postpone that investment because, as Diane puts it, “outages are just a cost of business.”
How do I know so much about this type of inertia, besides having a decent understanding of human nature? Because I’ve lived through at least half a dozen major earthquakes—and have done almost no preparation—until recently. Let me give you a real-life example of why I understand how organizations can put off preparing for (or even better, preventing) an outage until it’s too late.
Do I really have to get up for this one?
I’m tempted to go through my entire history of reactions to earthquakes, starting with my first, the Sylmar Earthquake, when I yelled at my older brother to stop shaking our bunkbed—until my dad showed up and held it steady. But let’s fast-forward to the big daddy earthquake of my life so far, the Northridge Earthquake of 1994. When it started, I was lying in bed, and my first thought was: Do I really have to get up for this one? Then, several seconds into it, I sat up: Oh wow, I do!
I stood under a doorway, as I was drilled to do throughout elementary school, and waited for it to end. A few plates slipped out of one cupboard and broke. A standing lamp keeled over onto the carpet. But that’s all the damage I sustained. I knew others, including my parents, who weathered significant property damage or minor injuries. And I mourned the people who died, grateful that the timing of the earthquake (around 4:30 a.m.) limited the number of casualties.
And then ... I did nothing to prepare for the next one. After all, it’s not like earthquakes happen every day. I got busy with school. Did you see O.J. Simpson in that white Bronco? My niece was born. My grandfather died. You know, things. I figured I’d deal with it when I needed to.
Does this sound familiar?
Over the next 25 years (!), I withstood other earthquakes, none of them as memorable—or damaging–as the Northridge one. One caused some drywall to crack. Another caused an outdoor standing candlestick to fall without incident. And after a few moments of “🤔, maybe I should prepare for the next one,” I defaulted to “What–Me Worry?” mode.
Then toward the end of June, I sat in on a marketing lecture about why people tend to default to the status quo, even after something significant has taken place. And the lecturer actually brought up how a majority of Los Angelenos, including himself, have yet to prepare for the next big quake. After laughing a little too enthusiastically, I thought: That’s it. I’m going to at least buy an earthquake emergency kit tonight.
And then I ... didn’t.
Less than a week later, the first of the Ridgecrest earthquakes hit Southern California. The first rumbled through on July 4, and it was not unimpressive. Little did I know it was only a foreshock to the main one that would hit the following evening.
There I was the evening of July 5, sitting on my couch, having paused the latest episode of Shameless, while the temblor kept going and going ... and going. It was like being on a ship cresting on choppy waves, the sort that makes landlubbers vomit. And I didn’t know what to do. I was paralyzed sitting under my ceiling fan like an idiot. What was I supposed to do again? And where is my gas main? Do I have enough water? And what if there’s ... another one???
Again, I’ve probably experienced more earthquakes than almost any of you reading this post, and after decades of inertia, the “cost of doing business” finally seemed too high, especially after reading how this latest earthquake heralded the end of California’s 25-year earthquake drought. I finally bought an earthquake kit, which had almost doubled in price from the last time I checked a few weeks earlier. I installed hinges for my cupboards to prevent shattering glass, and I went online to reeducate myself about earthquake safety. It’s no fun spending time and money on safety, but, really, playing Russian roulette with my welfare was stupid at best.
Avoiding outages: easier than avoiding earthquakes?
Okay, so the connected world has never experienced the lull of a certificate-related outage drought. Moreover, as cloud instances, mobile connectivity and other signposts of digital transformation continue to reshape IT environments, these types of outages will only become more common—way more common than the number of major earthquakes.
And it’s not a matter of if these types of outages will happen or when they will happen. We’re talking about something that could take place on a daily basis if you’re completely unprepared. And unlike my most recent earthquake experience, where the epicenter was over 100 miles away from my house, you can’t even count on distance lessening the blow—because the resulting damage to your network and your business, no matter how it’s constructed or distributed, isn’t constrained by distance.
But guess what? A turnkey way to prevent certificate-related outages exists! You can count on our No Outages Guarantee VIA Venafi to ensure you no longer get hit with outages of seismic (or any) proportion.
You can read more about our No Outages Guarantee VIA Venafi—or contact us directly to learn more. Our website does a better job explaining what it is than I can in this post. What you can expect from me over the upcoming months are a series of blog posts that recap some outage horror stories suffered by several organizations that are now Venafi customers—mostly as a reminder why you might want to prevent future outages before they can shake up your organization.
Hint: You might consider having an adult beverage ready when you read my Halloween post next month about how scary an outage can be. And don’t be too surprised if you feel the earth shaking under your feet!