Cloud services don’t go down, do they?
Yet this is the second time in as many months that Microsoft has suffered an outage with downtime running to more than a few hours.
February’s outage of Microsoft Teams caused major disruption, and an expired certificate was to blame. Allowing an authentication certificate (a critical security certificate) to expire is a pretty big oversight for a company such as Microsoft, and it caused major disruption for nearly 8 hours.
At the end of 2019, Microsoft Teams and other Office 365 services experienced an outage caused by a networking update which took services down for more than 2 hours. And Microsoft are not alone. In the first week of February, Gamma suffered a widespread outage and Vodafone suffered a major outage in June last year.
The expiry of licences and certificates
All of an organisation’s systems will now be software dependent and protected by a variety of security mechanisms including licences and certificates. Generally speaking, licences and security certificates are time dependent and this time will, eventually, lapse. The consequences of an expired licence or certificate can escalate from warnings through to reduced functionality or security protection and, in extreme cases, widespread service outages like those witnessed last week.
An end-user organisation must assess its dependency on its various licences and certificates, and the impact of expiry, and subsequently consider ways to manage and mitigate this impact. This can involve passing the risk onto suppliers, with robust contract conditions and penalties for exceptions.
In parallel with contractual protection, most organisations should ensure that they have the best possible understanding of the licence and certificate dependencies of their solutions. This would include:
- What licences/certificates does the entire solution require?
- Which of these licences/certificates are time dependent?
- How can these be managed/monitored?
- What happens if/when a licence/certificate expires?
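One way to put the four questions above into practice, as an added example that is not part of the original article: a Python check over a constructed inventory that records which items are time dependent, what breaks on expiry, and how close each one is to lapsing. The asset names, dates and the 30/7-day thresholds are assumptions for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample inventory (not real assets): (name, kind, expires, impact).
# Certificates use the notAfter text printed by `openssl x509 -noout -enddate`,
# licences use an ISO date, and None marks an item that is not time dependent.
INVENTORY = [
    ("sso-token-signing", "certificate", "Feb 10 09:00:00 2020 GMT", "logins fail"),
    ("sbc-tls", "certificate", "Mar 20 00:00:00 2020 GMT", "calls drop"),
    ("firewall-subscription", "licence", "2020-02-25", "no signature updates"),
    ("pbx-perpetual", "licence", None, "n/a"),
]
WARN_DAYS, CRITICAL_DAYS = 30, 7  # assumed thresholds; set to your renewal lead time


def expiry_utc(kind, raw):
    """Return the expiry as an aware UTC datetime, or None if perpetual."""
    if raw is None:
        return None
    if kind == "certificate":
        return datetime.fromtimestamp(ssl.cert_time_to_seconds(raw), timezone.utc)
    return datetime.strptime(raw, "%Y-%m-%d").replace(tzinfo=timezone.utc)


def classify(kind, raw, now):
    """Map one item to (status, whole days left; negative once expired)."""
    when = expiry_utc(kind, raw)
    if when is None:
        return "PERPETUAL", None
    days = (when - now).days
    if days < 0:
        return "EXPIRED", days
    if days <= CRITICAL_DAYS:
        return "CRITICAL", days
    return ("WARNING", days) if days <= WARN_DAYS else ("OK", days)


def report(inventory, now):
    """Rows of (status, days_left, name, impact), most urgent first."""
    rows = [(*classify(kind, raw, now), name, impact)
            for name, kind, raw, impact in inventory]
    return sorted(rows, key=lambda r: (r[1] is None, r[1] or 0))


if __name__ == "__main__":
    for row in report(INVENTORY, datetime(2020, 2, 20, tzinfo=timezone.utc)):
        print(row)
```

Run on a schedule, the CRITICAL and WARNING rows become renewal tickets and the impact column tells whoever picks them up what is at stake.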
The modern dependency upon cloud communications services
As a society, we are now heavily dependent upon cloud communications, as a result of an evolutionary shift. It is fair to say that many organisations do not fully understand just how dependent their routine operations are on cloud data and services. Because of this, very few organisations will have an effective plan in place for contingency and business continuity. In this age of dependency, a cloud outage can result in, at best, loss of productivity, but can, at worst, lead to life threatening situations.
Although these events do not happen often, they remind us of how reliant we are becoming on the cloud and on cloud-based systems. This latest outage should act as a timely reminder to all organisations that have migrated their telephony and unified communications (UC) to Teams or other cloud services, or that plan to do so, that they should have a comprehensive plan in place to react, one which addresses:
- Do you know the service availability that you should expect?
- Do you have business continuity arrangements to protect your critical services?
Business continuity, planning for the unexpected
We are living in a world of “expect the unexpected”, which is a very difficult environment for organisations to plan for and in which to keep operations moving forward in times of crisis and emergency. But this is indeed what they are expected to do.
A business continuity plan addresses how organisations will react to business disruption in the event of a crisis or emergency. By default, this not only looks at people and business activities but also IT and technology systems.
Business continuity for IT and technology will specifically address how much downtime is acceptable before a more serious impact is experienced and will detail what needs to be back online first to allow operations to start functioning again.
Business continuity and cloud based solutions
On one hand, cloud based solutions are helping lead progression in business continuity by providing remote and mobile access to systems in the event that organisations suffer a regional or on-site emergency. However, this does not absolve organisations from considering what physical on-site plans also need to be in place in the event that cloud based services experience an outage.
A business continuity plan should cover how IT and technology can operate both at the business location and remotely, if this location is not accessible. Cloud based systems are a good solution here as they work just as well on-site as they do remotely. This alleviates an IT headache, freeing up time to focus on the disaster while colleagues continue their activities as best they can.
Business continuity – communication
Often, implementation of the business continuity plan fails at the point of disaster, simply because the plan hasn’t been communicated clearly, widely and often enough. Organisations must ensure that everyone knows what is expected of them and test to find out that the plan is understood. The location of the business continuity plan should be clearly signposted, and online and offline copies should be made available to everyone who is expected to act upon it in times of emergency.
Business continuity – software
Quite often, outages are a result of human error. Many systems are likely to be software dependent. Licences and security certificates are time dependent and this time will, eventually, lapse. The consequences of an expired licence or certificate can escalate from warnings through to reduced functionality or security protection and, in extreme cases, widespread service outages.
Dependency on various licences and certificates, and the impact of their expiry, must be considered, and ways to manage and mitigate this impact must be put in place.
4C Strategies – communication technology and business continuity consultants
Moving forward, organisations should endeavour to review and better understand their IT and technology dependencies, in particular both on licences and certificates and on cloud based data as a whole, and deploy additional resilience where necessary, updating business continuity and disaster recovery plans accordingly.
As an independent consultancy with extensive experience assisting client organisations with the challenges associated with modern communication technology, 4C Strategies is uniquely positioned to help. For a free no-obligation discussion with regards to the above, or any other ICT requirements that you may have, contact 4C Strategies today on 01858 438938, or email firstname.lastname@example.org. Visit https://www.4c.co.uk