Safe4 continues to prioritise security following outage on 22nd and 23rd March

/in ,

Unfortunately Safe4 suffered a number of outages on the 22nd and 23rd of March. The system was partially unavailable and reporting errors for a total of just under 35 minutes over the two days (25 mins on 22nd March and a little under 10mins on 23rd.) Regrettably this was in the middle of the morning for many of our users – our peak time. Safe4 appreciate that this will have caused those affected a lot of inconvenience and we would sincerely like to apologise for this.

Safe4 strives for a high standard of performance and we have designed a robust solution that enables us to achieve this.  We have maintained 100% availability in recent months and 99.96% over the last 12 months including scheduled maintenance.

What happened

It is important to understand the root cause and learn from the incident to try to avoid it occurring in the future.

Investigation showed that a defective operating system update which was automatically applied caused the outage. Updates like these occur regularly and normally do not impact our operation at all. Unfortunately in this instance it did. Diagnosis was not simple and took longer than we would like.

The problem affected a large number of systems on the internet at about the same time. The OS vendor took prompt action to release an updated patch to correct the issue. Unfortunately because of the problems caused by the first patch the updated patch could not be applied seamlessly either. On this occasion however the resolution was known and the downtime was minimised while the process completed.

As you know Safe4 prioritises the security of your information. A key strategy we employ is to maintain our systems patched to the latest security releases at all times. As you will regularly read in the press, new threats are being discovered all of the time. Fortunately processes are in place that enable vulnerabilities to be reported and systems patched before those vulnerabilities become generally known.

Maintaining the patch level automatically is therefore important to maintaining the security of your information.

Prioritise security

To avoid such problems in the future we have weighed up the risk of turning off the automatic updates. Having examined the incidence of this type of failure (only occurrence since Safe4 started 7 years ago) compared to the possible security risk of delaying patching we have made the decision to continue with our current approach.

We hope you agree with our decision to prioritise security in this way. Safe4 is committed to providing a reliable service and we will of course continue to monitor this situation and seek ways to further reduce the likelihood of a future problem such as this.