Microsoft forgot to renew the certificate for its Windows Insider subdomain over the weekend, causing an outage and disruption for those trying to use the platform. Users who attempted to visit the Windows Insider portal were met with a warning about how their connection wasn’t private.
Despite the site only being down for a few hours, this typifies why large enterprises need to prioritise machine identity management, as without it we’ll continue to see outages impact users.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Microsoft’s Windows Insider Program is a public platform created to provide access to early Windows releases. It has a huge global community of millions of members. Although this incident did not lead to a severe a disruption, the site was still unavailable to millions of users for a number of hours which was, at a minimum, inconvenient. Microsoft isn’t the only vendor to experience this type of incident. Just recently Verifone and Spotify also suffered certificate outages that affected millions of users. Unless large enterprises with massive digital footprints prioritize machine identity management as a tier one application we will see more of these kinds of incidents. The problem is that the keys and certificates that serve as machine identities are critical to reliability as well as security and as companies move to the cloud management of them is more complicated.