On Monday, the Twittersphere and Facebook boards were lighting up with complaints about GoDaddy’s website hosting service being down. The media and spectators such as myself have been debating what went wrong. Was it an attack, as one person has claimed? Was it a network configuration error, possibly brought on by a mismanaged change? What’s worse? That’s a trick question, because both can ultimately have the same impact: downtime, lost revenue and a PR headache.
GoDaddy has claimed the “service outage was due to a series of internal network events that corrupted router data tables”. What we don’t know is how or why this happened. Maybe the device’s OS wasn’t up to date and had a bug. Maybe a change was made without fully understanding the impact (something that happens all too often). Whatever the cause, in this circumstance a disaster occurred: one GoDaddy customer said it lost $50,000 in sales from this outage.
It’s not always about having the latest technology or shiny object, but also about making sure you have sound processes and resources in place. Firewalls and routers can be misconfigured. Firewall change management is no easy task, and if it is done improperly, an outage can occur or a security gap can be created. (Read our Network Security Horror Stories series on Change Control, Firewall Misconfigurations and Router Misconfigurations for real-life examples.) Let’s use this latest headline as a reason to review our network security management processes, identify areas that need improvement and then start addressing them.
While the public may never know the exact cause of the GoDaddy outage, it certainly shines a bright light on something that is too often overlooked. The information security space is pounded repeatedly with FUD about the latest type of attack, and while we certainly must do our best to have the right controls in place, if we can’t properly configure these controls, or rather “control the controls”, it’s all for naught.
What do you think are the lessons learned from this?