Microsoft Teams has suffered a major worldwide outage due to an expired digital certificate. People have taken to Twitter to complain, while others are taking the opportunity to point out the awkward reality that Microsoft is itself a certificate authority while highlighting that it is a totally avoidable issue.
We're investigating an issue where users may be unable to access Microsoft Teams. We're reviewing systems data to determine the cause of the issue. More information can be found in the Admin center under TM202916
— Microsoft 365 Status (@MSFT365Status) February 3, 2020
https://twitter.com/ConradLongmore/status/1224349751723773952
Happy Monday from @MicrosoftTeams! pic.twitter.com/uVVEDkYYfM
— Jason Rabinowitz (@AirlineFlyer) February 3, 2020
It’s not the certificates you know about that will cause your next outage – it’s the ones you don’t. Ignoring certain certificate types or sources within your organization creates a massive blind spot in which enterprise-critical certs can sit undetected and unseen – until they cause a problem. Even one single certificate can cause a lot of damage.
Managing PKI pre-cloud, DevOps and IoT was a simpler exercise. Network connections across people, applications and devices are constantly multiplying, creating an exposure epidemic that opens up new security risk, unchecked vulnerabilities and a broader attack surface. If Microsoft is having challenges managing their certificates imagine what that situation is like with smaller enterprises who lack the same level of resources and security maturity.
Microsoft is experiencing something that happens every day to Global 5000 businesses. Certificates can take weeks to renew and mistakes are often made. These mistakes can cause a service or application to go down for hours, days, and, in some cases, even longer. This is not a unique occurrence, and unfortunately Microsoft Azure and LinkedIn have experienced outages due to expired certificates in the past.
The main issue is that certificates act as authenticators for machines, they authorise machine-to-machine connections and communications. Keys and certificates serve as machine identities and they are critical to making today’s global economy work. When they expire, business stops.
The problem is that most businesses and government agencies companies are using thousands of certificates but they don’t have the insight.