Microsoft Teams went down because of an expired certificate
Microsoft reveals why Teams was down for hours this morning.
According to the reports, it was an “authentication” certificate, not an SSL/TLS server certificate, which means it would not be found by network scans. This underlines the importance of having a complete inventory of certificates deployed in the environment, not just one type or source of certificate. Server-side TLS certs are important to manage, but they’re only the tip of the iceberg in terms of a complete certificate inventory.
Ted Shorter, CTO and co-founder of Keyfactor says, “It’s not the certificates you know about that will cause your next outage – it’s the ones you don’t. Ignoring certain certificate types or sources within your organization creates a massive blind spot in which enterprise-critical certs can sit undetected and unseen – until they cause a problem. Even one single certificate can cause a lot of damage.
Managing PKI pre-cloud, DevOps and IoT was a simpler exercise. Network connections across people, applications and devices are constantly multiplying, creating an exposure epidemic that opens up new security risk, unchecked vulnerabilities and a broader attack surface. If Microsoft is having challenges managing their certificates imagine what that situation is like with smaller enterprises who lack the same level of resources and security maturity.”
Keyfactor and Ponemon are releasing findings next week from a report exploring enterprises’ ability to manage increasing numbers of cryptographic keys and digital certificates securing network connections. The research demonstrates that despite heightened compliance focus, businesses struggle to manage foundational security and the tools and processes that maintain it.”