Security Certificate Expiration Shuts Down Microsoft’s Azure Online Backup
March 4, 2013
Microsoft recently committed an embarrassing faux-paus when they forgot to renew a security certificate which was set to expire. The mistake proved to be a costly one, resulting in a global outage the online backup service responsible for storing data for a range of business clients.
This lapse could not come at a worse time, since it’s well known that the technology giant is currently trying to push for an increase in revenue from the online backup service known as Azure.
Certificates such as this are necessary to run online backup services like Azure which use an ‘https’ protocol to block unauthorized users from gaining access to files and information.
Microsoft’s failure to renew their certificate caused the Azure online backup service to break down on Friday just before 5pm. The fall prevented Azure’s customers from accessing their important files which were held in Microsoft’s data centers.
A message on the Windows Azure Service Dashboard stated: ‘Online backup is currently experiencing a global outage impacting https operations (SSL traffic) due to an expired certificate. Http traffic isn’t impacted. We are validating the recovery options before we proceed to implement them. Further updates will be published to keep you current with the situation. We apologize for any inconvenience this may cause for our clients.’
Of course, the forums began to fill with less than kind words, including speculation as to what the provider’s team had overlooked.
In response to plentiful comments about the expiration of Microsoft’s security certificate, one said: ‘Might want to fix that—ASAP. Maybe it wouldn’t hurt to put a sticky note on someone’s monitor so they don’t forget about the expiration date next time…’
As if things weren’t bad enough, Microsoft also recently entered the headlines for joining a growing list of prominent technology companies to suffer a break-in by hackers who planted malware on a small number of computers. Household names such as Facebook, Apple and Twitter were also victims of the attack.
General Manager of the company’s Trustworthy Computing Security, Matt Thomlinson, wrote: ‘Consistent with our security response protocols, we chose not to make a statement during the initial information gathering. During our investigation, we found a small number of machines, some of which were in our Mac Business Unit, that were infected by malicious software using similar techniques to those reported by other large organizations recently.’
Microsoft assures clients that their online backup services will resume soon.